|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Vulnerabilities In Pablo Software Solutions FTP Service 1.2
From: JeiAr (jeiar
kmfms.com)
Date: Tue Jun 03 2003 - 15:41:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Plaintext Password Vulnerability
------------------------------------
User info is stored in users.dat in plaintext. If the
anonymous account is present (it is by default) the
entire FTP server can be compromised
ftp://somewhere/program files/pablo's ftp service/users.dat
Default Anonymous Account
------------------------------------
The anonymous account is by default set to
have download access to anything in the C:\
directory. While this can be disabled by simply
deleting the anonymous account, it poses a
serious threat for anyone not aware of the problem.
ftp://somewhere/windows/repair/sam
In conclusion this application is totally open to
complete compromise by default. Vendor was notified
and plans on releasing a fix soon.
Credits
------------------------------------
Creits go to JeiAr of GulfTech Computers
and CSA Security Research Team
http://www.gulftech.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]