CVE-1999-1073

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Nov 30, 1998
Updated: Nov 20, 2024

Summary

CVE-1999-1073 is a vulnerability affecting Excite for Web Servers (EWS) version 1.1. This issue arises due to the server recording the first two characters of a plaintext password at the beginning of the encrypted password. An attacker can exploit this by attempting brute force or dictionary attacks, making it easier to guess user passwords. This vulnerability poses a significant risk to the security of user accounts on the affected servers. To mitigate this issue, users should upgrade to a newer version of EWS or apply a patch provided by the vendor. Additionally, implementing strong password policies and using two-factor authentication can enhance overall system security.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share