Title: vqSoft vqServer Plaintext Password Vulnerability
Severity: MODERATE
Description:
vqSoft vqServer stores its web server settings and passwords in plaintext format in the file server.cfg. If a remote or local user were to obtain read access to server.cfg, they would be able to seize control of the web server by connecting to the remote administration interface on port 9090 and supply the username and password acquired from server.cfg. server.cfg is normally located in the path \Program Files\vqserver\vq\server\cfg\.
A recent report also indicates that some configurations store user authentication credentials in other locations accessible to local users. This includes the file irunin.ini. This problem may affect all versions.
Affected Products:
- vqSoft vqServer for Windows 1.9.55
- vqSoft vqServer for Windows 1.9.9
References:
- vqSoft: vqSoft vqServer Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
