Insecure Autocomplete in Parallels Plesk Panel 10.3.1_build1013110726.09 Billing System

Insecure Autocomplete in Parallels Plesk Panel 10.3.1_build1013110726.09 Billing System

CVE-2011-4749 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.

Learn more about our Web Application Penetration Testing UK.