Clear-text Transmission of User Credentials in Web Access Component of COM2001 Alexis 2.0 and 2.1

Clear-text Transmission of User Credentials in Web Access Component of COM2001 Alexis 2.0 and 2.1

CVE-2001-1254 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.

Learn more about our Cis Benchmark Audit For Server Software.