
Plesk Login Transmits credentials in cleartext

Deoxymono

New Pleskian
Another PCI scan failing from Security Metrics:

-------------

Protocol: TCP | Port: 8880 | Program: cddbp-alt | Score: 4.0

Description: Web Server Uses Plain Text Authentication Forms

Synopsis: The remote web server might transmit credentials in cleartext.

Impact: The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Page: /login_up.php3
Destination page: /login_up.php3
Input name: passwd

Other references: CWE:522, CWE:523, CWE:718, CWE:724

Resolution: Make sure that every sensitive form transmits content over HTTPS.

Risk Factor: Medium / CVSS2 Base Score: 4.0 AV:N/AC:H/Au:N/C/I:N/A:N

-------------

Now this appears to be referencing the default login page for Plesk (login_up.php3). However, it definitely uses HTTPS, so I don't understand the problem here.

Any help anyone can provide with this issue would be greatly appreciated.
 
I fixed this issue simply by blocking port 8880 through the Plesk firewall. It seems it is not needed unless you want to use the Plesk panel without https.
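
Added example, not part of the original posts: a sketch of the check behind this kind of finding, showing why the same login form is flagged when it is served on port 8880 but not when it is served over HTTPS. The host name, the HTTPS port 8443, the `login_name` field and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormScanner(HTMLParser):
    """Collects (form action, [password field names]) for each <form>."""
    def __init__(self):
        super().__init__()
        self.forms = []        # finished forms
        self._current = None   # form being parsed, or None outside a form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = (a.get("action") or "", [])
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current[1].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

def cleartext_password_forms(page_url, html):
    """Return [(destination URL, field name)] for password fields sent over plain HTTP."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for action, fields in scanner.forms:
        # An empty or relative action resolves against the page's own URL,
        # so a form served over http:// posts back over http:// as well.
        dest = urljoin(page_url, action)
        if urlsplit(dest).scheme == "http":
            findings.extend((dest, name) for name in fields)
    return findings

# Constructed sample markup, modelled on the page and input named in the scan report.
SAMPLE_LOGIN = """
<form method="post" action="/login_up.php3">
  <input type="text" name="login_name">
  <input type="password" name="passwd">
</form>
"""

if __name__ == "__main__":
    for url in ("http://panel.example.test:8880/login_up.php3",    # assumed host
                "https://panel.example.test:8443/login_up.php3"):  # assumed HTTPS port
        print(url, "->", cleartext_password_forms(url, SAMPLE_LOGIN))
```

The form markup is identical in both cases; only the scheme of the page that serves it changes the result, which is why closing the plain-HTTP listener clears the finding.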
 