Danware NetOp Remote Control Unauthenticated File Transfer Vulnerability

NetOp is a remote control utility, offering console access via network or serial connections. On NT and Windows 2000 machines, the software runs in the SYSTEM context by default.

The software includes the ability to perform direct file transfers to and from the host machine. By default, no authentication is required to perform this activity, meaning that any user with the freely-downloadable client and network access to the target can perform read/write/create operations to any file on the system, including password and configuration data.


 

Privacy Statement
Copyright 2010, SecurityFocus