CVE-2001-1463

Description

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

Affected products

• SolarWinds / Serv-U File Server3.0.0.16 – 3.0.0.16
• SolarWinds / Serv-U File Server3.0.0.17 – 3.0.0.17

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7925
• MISChttp://www.kb.cert.org/vuls/id/279763
• MISChttp://securitytracker.com/id?1002882