ID

VAR-200111-0057


CVE

CVE-2001-1463


TITLE

RhinoSoft Serv-U remote administration client transmits password in plaintext

Trust: 0.8

sources: CERT/CC: VU#279763

DESCRIPTION

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. A vulnerability exists in the remote administration client for RhinoSoft Serv-U

Trust: 2.16

sources: NVD: CVE-2001-1463 // CERT/CC: VU#279763 // BID: 89617 // BID: 89673

AFFECTED PRODUCTS

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.16

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.17

Trust: 1.0

vendor:rhinosoftmodel: - scope: - version: -

Trust: 0.8

vendor:serv umodel:serv-uscope:eqversion:3.0.0.16

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.17

Trust: 0.6

sources: CERT/CC: VU#279763 // CNNVD: CNNVD-200111-018 // NVD: CVE-2001-1463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1463
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#279763
value: 4.74

Trust: 0.8

CNNVD: CNNVD-200111-018
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2001-1463
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CERT/CC: VU#279763 // CNNVD: CNNVD-200111-018 // NVD: CVE-2001-1463

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.0

sources: NVD: CVE-2001-1463

THREAT TYPE

network

Trust: 0.6

sources: BID: 89617 // BID: 89673

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 89617 // BID: 89673

PATCH

title:SolarWinds Serv-U File Server Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125161

Trust: 0.6

sources: CNNVD: CNNVD-200111-018

EXTERNAL IDS

db:SECTRACKid:1002882

Trust: 3.0

db:CERT/CCid:VU#279763

Trust: 3.0

db:NVDid:CVE-2001-1463

Trust: 2.2

db:XFid:7925

Trust: 0.6

db:CNNVDid:CNNVD-200111-018

Trust: 0.6

db:BIDid:89617

Trust: 0.3

db:BIDid:89673

Trust: 0.3

sources: CERT/CC: VU#279763 // BID: 89617 // BID: 89673 // CNNVD: CNNVD-200111-018 // NVD: CVE-2001-1463

REFERENCES

url:http://securitytracker.com/id?1002882

Trust: 3.2

url:http://www.kb.cert.org/vuls/id/279763

Trust: 3.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/7925

Trust: 2.6

url:http://www.rhinosoft.com/

Trust: 0.8

url:http://www.serv-u.com/

Trust: 0.8

url:http://www.cat-soft.com/

Trust: 0.8

url:http://www.ietf.org/rfc/rfc1760.txt

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2289.txt

Trust: 0.8

url:http://www.iss.net/security_center/static/7925.php

Trust: 0.8

url:http://securitytracker.com/alerts/2001/dec/1002882.html

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/7925

Trust: 0.6

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-1463

Trust: 0.6

sources: CERT/CC: VU#279763 // BID: 89617 // BID: 89673 // CNNVD: CNNVD-200111-018 // NVD: CVE-2001-1463

CREDITS

Unknown

Trust: 0.6

sources: BID: 89617 // BID: 89673

SOURCES

db:CERT/CCid:VU#279763
db:BIDid:89617
db:BIDid:89673
db:CNNVDid:CNNVD-200111-018
db:NVDid:CVE-2001-1463

LAST UPDATE DATE

2024-11-22T22:57:17.401000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#279763date:2002-11-15T00:00:00
db:BIDid:89617date:2001-11-19T00:00:00
db:BIDid:89673date:2001-11-19T00:00:00
db:CNNVDid:CNNVD-200111-018date:2020-07-29T00:00:00
db:NVDid:CVE-2001-1463date:2024-11-20T23:37:45.257

SOURCES RELEASE DATE

db:CERT/CCid:VU#279763date:2001-11-19T00:00:00
db:BIDid:89617date:2001-11-19T00:00:00
db:BIDid:89673date:2001-11-19T00:00:00
db:CNNVDid:CNNVD-200111-018date:2001-11-19T00:00:00
db:NVDid:CVE-2001-1463date:2001-11-19T05:00:00