Cleartext Password Transmission in Parallels Plesk Small Business Panel Vulnerability
CVE-2011-4758

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Small Business Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4758?

The Parallels Plesk Small Business Panel 10.2.0 is susceptible to a vulnerability that allows remote attackers to intercept sensitive password information transmitted in cleartext over HTTP. This weakness enables attackers to sniff network traffic, potentially exposing user credentials from various forms in smb/auth and related files. Organizations using this version are advised to take immediate action to secure their data transmission practices.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72210

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011