Insecure Autocomplete in Parallels Plesk Panel 10.3.1_build1013110726.09 Billing System
CVE-2011-4749 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.
Learn more about our Web Application Penetration Testing UK.