Vulnerabilities > CVE-2002-1654 - Authentication Attacks vulnerability in Netscape Enterprise Web Server Brute Force
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 8 |
References
- http://lists.virus.org/vulnwatch-0201/msg00008.html
- http://securitytracker.com/id?1003157
- http://www.kb.cert.org/vuls/id/985347
- http://www.kb.cert.org/vuls/id/AAMN-567NFX
- http://www.procheckup.com/vulnerabilities/pr0105.html
- http://www.securiteam.com/securitynews/5IP0G0060Q.html
- http://www.securityfocus.com/bid/3831
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7845