CVE-2011-4851 in Plesk Panel
Summary
by MITRE
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/28/2018
The vulnerability identified as CVE-2011-4851 resides within the Parallels Plesk Panel control interface, specifically affecting version 10.4.4_build20111103.18. This security flaw represents a critical oversight in web application security practices where the password form fields fail to properly disable the browser's autocomplete functionality. The issue manifests in the control panel's user authentication mechanism, creating a significant attack vector that undermines the integrity of the authentication process.
The technical implementation flaw occurs when the web application generates HTML form elements for password input without explicitly setting the autocomplete attribute to "off" or "new-password". This allows modern web browsers to automatically populate password fields with previously stored credentials, effectively bypassing the intended authentication flow. The vulnerability is particularly dangerous because it can be exploited by remote attackers who gain physical access to an unattended workstation, enabling them to leverage stored credentials without requiring additional authentication factors.
This vulnerability directly relates to CWE-625 and CWE-384, which address weaknesses in input validation and the improper handling of sensitive information in web applications. The attack vector follows patterns consistent with credential reuse attacks and session hijacking techniques described in the MITRE ATT&CK framework under T1110 for Brute Force and T1566 for Phishing. The exploitation requires minimal technical skill and can be accomplished through simple reconnaissance of the target system's browser cache and stored credentials.
The operational impact of this vulnerability extends beyond simple authentication bypass, as it provides attackers with potential access to administrative control of the entire Plesk panel environment. This access enables malicious actors to modify server configurations, manage user accounts, deploy malware, and potentially compromise multiple hosted websites. The vulnerability affects the server/google-tools/ directory and other related files within the Plesk control panel, indicating a systemic issue rather than isolated instances.
Organizations utilizing Parallels Plesk Panel should implement immediate mitigations including updating to patched versions of the software, manually reviewing and modifying HTML form elements to include proper autocomplete="off" attributes, and implementing additional authentication controls such as multi-factor authentication. System administrators should also conduct thorough security audits of all web applications to identify similar vulnerabilities and establish proper security configuration management practices. The vulnerability demonstrates the critical importance of proper input sanitization and the need for comprehensive security testing of web applications before deployment in production environments.