CVE-2001-1463

Published: Nov 19, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

Affected (2)

Products: Solarwinds: Serv U File Server

Solarwinds

1 product

Serv U File Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Serv U File Server	Version 3.0.0.16
Solarwinds Serv U File Server	Version 3.0.0.17

Related CWEs

CWE-310

References (6)

http://securitytracker.com/id?1002882

Source: cve@mitre.org

Exploit

http://www.kb.cert.org/vuls/id/279763

Source: cve@mitre.org

ExploitUS Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/7925

Source: cve@mitre.org

http://securitytracker.com/id?1002882

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.kb.cert.org/vuls/id/279763

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitUS Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/7925

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.