Password Autocomplete Flaw in Parallels Plesk Panel by Parallels
CVE-2011-4730

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4730?

The Server Administration Panel in Parallels Plesk Panel version 10.2.0_build1011110331.18 has a critical flaw where the password field's autocomplete feature is enabled, potentially allowing remote attackers to exploit unattended workstations. This vulnerability can lead to unauthorized access, as attackers may leverage this weakness to bypass authentication through unprotected admin forms such as those found in admin/reseller/login-info/.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72329

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa...

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011