Authentication Bypass in Parallels Plesk Panel Billing System
CVE-2011-4749

Currently unrated

Key Information:

Vendor: Parallels

CVE Published: 16 December 2011

What is CVE-2011-4749?

The billing system in Parallels Plesk Panel version 10.3.1 leaves browser autocomplete enabled for password fields. An attacker with access to an unattended workstation can take advantage of this to gain unauthorized access to sensitive areas of the system. The weakness is present in specific forms on pages reached through the admin interface, which is a serious concern for systems handling sensitive financial data.
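
One way to check rendered pages for the weakness described above, as an added example that is not part of the original advisory or any Parallels code: it parses HTML and reports password inputs whose effective autocomplete setting is not "off", taking form-level inheritance into account. The sample markup, form ids and field names are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete setting is not "off"."""

    def __init__(self):
        super().__init__()
        self.form = None      # (label, form-level autocomplete) of the open <form>
        self.findings = []    # (form label, input name) for each exposed field

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            label = a.get("id") or a.get("action") or "(unnamed form)"
            self.form = (label, a.get("autocomplete"))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            label, inherited = self.form or ("(no form)", None)
            # The field's own attribute wins; otherwise it inherits from the
            # form; with neither present the browser default is "on".
            effective = a.get("autocomplete") or inherited or "on"
            if effective.strip().lower() != "off":
                self.findings.append((label, a.get("name") or "(unnamed)"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None


def audit(html):
    """Return (form, field) pairs for password inputs with autocomplete enabled."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup; form ids and field names are hypothetical.
SAMPLE = """
<form id="login" action="/login"><input type="password" name="pw"></form>
<form id="card" autocomplete="off"><input type="PASSWORD" name="pin"></form>
<form id="reset" autocomplete="off">
  <input type="password" name="new_pw" autocomplete="on">
</form>
<form id="api"><input type="password" name="secret" autocomplete="off" /></form>
"""

if __name__ == "__main__":
    for form, field in audit(SAMPLE):
        print(f"autocomplete not disabled: form={form} field={field}")
```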
