Vulnerabilities > CVE-2011-4749 - Credentials Management vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

parallels

redhat

CWE-255

critical

NVD

Published: 2011-12-16

Updated: 2019-04-22

Summary

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.

Vulnerable Configurations

Part	Description	Count
Application	Parallels Parallels Parallels Plesk Panel 10.3.1_Build1013110726.09	1
OS	Redhat Redhat Enterprise Linux 6.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/72260