I just received a report from the team here that my server running Crystal Reports Server XI R2 Windows has a vulnerability and I should contact the vendor for a fix. The vulnerability is below. Would any of the downloads address this?
TITLE:
Web Server Uses Plain-Text Form Based Authentication
THREAT:
The Web server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text.
IMPACT:
An attacker with access to the network traffic to and from the target host may be able to obtain login credentials for other users by sniffing the network traffic.
SOLUTION:
Please contact the vendor of the hardware/software for a possible fix for the issue. For custom applications, ensure that data sent via HTML login forms is encrypted before being sent from the client to the host.
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.