CVE-2011-4736 in Plesk Panel
Summary
by MITRE
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files.
Analysis
by VulDB Data Team • 01/28/2018
CVE-2011-4736 describes a weakness in Parallels Plesk Panel 10.2.0 build 20110407.20: the Control Panel accepts password input over unencrypted HTTP, so the credentials typed into the form in login_up.php3 (and into other affected forms) cross the network in cleartext. Anyone who can observe that traffic, whether on the same wired or wireless segment, on a compromised intermediate host, or at any hop along the route, can read the administrator's login straight out of a packet capture. No exploit code is involved; a sniffer and a filter for HTTP POST requests to the login page are enough.
The flaw is a textbook case of insecure transport rather than a bug in any single function: a login form served over HTTP necessarily submits its contents over HTTP. The attack is passive, so it leaves no trace on the server and does not require a man-in-the-middle position; an attacker who does sit on the path can go further and rewrite the HTTP responses, but simply listening is sufficient to capture the password. The weakness is a transmission issue, CWE-319 (Cleartext Transmission of Sensitive Information), not a storage one (CWE-312), since the password is exposed in flight rather than at rest.
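To make the exposure concrete, the following is an added example (not code from Plesk or from VulDB) that parses captured HTTP requests the way a passive sniffer would and pulls the credentials out of a form login. The capture is constructed inline; the field names login_name and passwd, the host name and the port 8880 are assumptions made for illustration, not values taken from a real Plesk capture.

```python
"""Added example, not code from Plesk or from VulDB: what a passive sniffer
recovers from a Plesk 10.2 login submitted over plain HTTP.

The captured bytes below are constructed for this example; the form field
names login_name/passwd, the host name and the port 8880 are assumptions
chosen for illustration rather than taken from a real capture.
"""
from urllib.parse import parse_qs

PASSWORD_FIELDS = ("passwd", "password", "pass")
USER_FIELDS = ("login_name", "login", "username", "user")


def build_request(method, path, host, body=b"", content_type=None):
    """Assemble an HTTP/1.1 request exactly as it appears on the wire."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    if body:
        lines.append(f"Content-Type: {content_type}")
        lines.append(f"Content-Length: {len(body)}")
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + body


# Constructed capture: a stylesheet fetch followed by the login POST.
CAPTURED_REQUESTS = [
    build_request("GET", "/theme/css/login.css", "plesk.example.com:8880"),
    build_request(
        "POST", "/login_up.php3", "plesk.example.com:8880",
        body=b"login_name=admin&passwd=S3cret%21Pass&locale_id=en-US",
        content_type="application/x-www-form-urlencoded",
    ),
]


def parse_http_request(raw):
    """Split a raw request into (method, path, headers, body); None if not HTTP."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return parts[0], parts[1], headers, body[:length]


def extract_credentials(raw):
    """Return {'host', 'path', 'user', 'password'} if raw is a cleartext
    form login, else None. A TLS record never parses as HTTP, which is
    exactly why the fix is to serve the form over HTTPS."""
    parsed = parse_http_request(raw)
    if parsed is None:
        return None
    method, path, headers, body = parsed
    if method != "POST":
        return None
    if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        return None
    fields = {k: v[0] for k, v in
              parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True).items()}
    pw_field = next((f for f in PASSWORD_FIELDS if f in fields), None)
    if pw_field is None:
        return None
    user_field = next((f for f in USER_FIELDS if f in fields), None)
    return {
        "host": headers.get("host", ""),
        "path": path,
        "user": fields[user_field] if user_field else "",
        "password": fields[pw_field],  # parse_qs has already URL-decoded it
    }


def harvest(requests):
    """Run the extractor over every captured request, keeping the hits."""
    return [c for c in (extract_credentials(r) for r in requests) if c]


if __name__ == "__main__":
    for cred in harvest(CAPTURED_REQUESTS):
        print(f"{cred['host']}{cred['path']}: {cred['user']} / {cred['password']}")
```

The same logic applied to a capture of an HTTPS session returns nothing, because the sniffer sees TLS records rather than an HTTP request line; that difference is the whole point of the mitigation.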
The impact goes well beyond the loss of one password. Plesk credentials open the control panel itself, and an administrator's login gives control over every hosted domain: the attacker can change server configuration, read or alter customer data, deploy content to customer websites, and use the server as a foothold for further movement within the hosting network. The risk is greatest in shared hosting environments, where a single compromised account can expose many unrelated customers at once.
The mitigation is to remove the cleartext path entirely: serve the control panel only over HTTPS with a valid TLS certificate, redirect any request that still arrives over HTTP to the HTTPS URL (or, better, disable the HTTP listener for administrative interfaces altogether), and send a Strict-Transport-Security header so that browsers do not begin a session over HTTP in the first place. A redirect on its own does not protect a login form that has already been loaded over HTTP, because the browser posts to whatever action URL the page specified; the page itself must come from HTTPS and its form must post to HTTPS. Network segmentation, so that administrative traffic never shares a segment with untrusted hosts, limits who can sniff in the meantime. Since a passive capture produces no log entries, treat any password used over HTTP before the fix as possibly observed and rotate it after remediation. In ATT&CK terms, capturing the password is T1040 (Network Sniffing) and using it afterwards is T1078 (Valid Accounts). Regular audits should look for the same pattern elsewhere in the infrastructure, and administrators should upgrade to a Plesk version that serves all administrative functions over an encrypted channel.
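As an added example (again not code from Plesk or from VulDB), the following check verifies the two conditions the mitigation depends on: that a plain-HTTP request for the login page is answered with a redirect to HTTPS rather than with the form, and that every password form, wherever it is served, posts to an https:// action. The responses are constructed inline; host names, ports and the form markup are assumptions chosen to resemble a Plesk login page. In a real audit the same function would be fed the status, headers and body returned by an HTTP client.

```python
"""Added example, not Plesk's or VulDB's code: an offline audit of the
conditions the HTTPS mitigation relies on, run against constructed
responses. Host names, ports and the form markup are assumptions chosen
to resemble a Plesk login page; they are not taken from a real server.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormFinder(HTMLParser):
    """Collect the action of every <form> containing an <input type=password>."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "password": False}
        elif (tag == "input" and self._open is not None
              and a.get("type", "").lower() == "password"):
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            if self._open["password"]:
                self.forms.append(self._open["action"])
            self._open = None


def audit_login_page(url, status, headers, body):
    """Return a list of findings for one response fetched from url."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    scheme = urlsplit(url).scheme

    # A plain-HTTP request must be answered with a redirect to HTTPS, not content.
    if scheme == "http":
        location = hdrs.get("location", "")
        if status in (301, 302, 303, 307, 308) and location.startswith("https://"):
            return findings
        findings.append(f"{url}: served over HTTP (status {status}) instead of redirecting to HTTPS")

    # Every password form must resolve to an https:// action, wherever the page came from.
    finder = PasswordFormFinder()
    finder.feed(body)
    for action in finder.forms:
        target = urljoin(url, action) if action else url
        if urlsplit(target).scheme != "https":
            findings.append(f"{url}: password form posts to {target} in cleartext")

    # HSTS keeps browsers from ever starting the next session over HTTP.
    if scheme == "https" and "strict-transport-security" not in hdrs:
        findings.append(f"{url}: no Strict-Transport-Security header")
    return findings


# Constructed responses for the vulnerable and the corrected configurations.
LOGIN_HTML = (
    '<html><body><form method="post" action="login_up.php3">'
    '<input name="login_name"><input type="password" name="passwd">'
    '</form></body></html>'
)
HSTS = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=31536000"}

VULNERABLE = ("http://plesk.example.com:8880/login.php3", 200,
              {"Content-Type": "text/html"}, LOGIN_HTML)
FIXED_HTTP = ("http://plesk.example.com:8880/login.php3", 301,
              {"Location": "https://plesk.example.com:8443/login.php3"}, "")
FIXED_HTTPS = ("https://plesk.example.com:8443/login.php3", 200, HSTS, LOGIN_HTML)
# HTTPS page whose form still posts to an absolute http:// URL: a subtle leftover.
MIXED = ("https://plesk.example.com:8443/login.php3", 200, HSTS,
         LOGIN_HTML.replace('action="login_up.php3"',
                            'action="http://plesk.example.com:8880/login_up.php3"'))

if __name__ == "__main__":
    for case in (VULNERABLE, FIXED_HTTP, FIXED_HTTPS, MIXED):
        print(case[0], case[1], audit_login_page(*case) or "OK")
```

The MIXED case is why the check inspects form actions and not only the page scheme: a panel that was moved to HTTPS but kept an absolute http:// action in one of its "certain other files" still sends the password in cleartext.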