NessusWX Account Credentials Disclosure Vulnerability
BID:9993
Info
NessusWX Account Credentials Disclosure Vulnerability
| Bugtraq ID: | 9993 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Mar 29 2004 12:00AM |
| Credit: | Discovery is credited to Kevin_Davis <[email protected]>. |
| Vulnerable: |
Nessus NessusWX 1.4.4 Nessus NessusWX 1.4.3 Nessus NessusWX 1.4.2 Nessus NessusWX 1.4.1 Nessus NessusWX 1.4 |
| Not Vulnerable: | |
Discussion
NessusWX Account Credentials Disclosure Vulnerability
It has been reported that NessusWX may be prone to an account credentials disclosure vulnerability that may allow a local attacker to gain access to accounts for remote services such as FTP, IMAP, POP2, POP3, NNTP, SNMP, and SMB. The issue exists because the application stores credentials such as usernames and passwords for remote hosts in plain text format on the local system.
NessusWX versions 1.4.4 and prior may be prone to this issue.
It has been reported that NessusWX may be prone to an account credentials disclosure vulnerability that may allow a local attacker to gain access to accounts for remote services such as FTP, IMAP, POP2, POP3, NNTP, SNMP, and SMB. The issue exists because the application stores credentials such as usernames and passwords for remote hosts in plain text format on the local system.
NessusWX versions 1.4.4 and prior may be prone to this issue.
Exploit / POC
NessusWX Account Credentials Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
NessusWX Account Credentials Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
NessusWX Account Credentials Disclosure Vulnerability
References:
References:
- NessusWX Discloses Remote Account Passwords to Local Users (SecurityTracker)
- NessusWX Home Page (Nessus)