• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Compaq Management Agents for Netware Plaintext Password Vulnerability

The default installation of Compaq Management Agents allow anonymous access via port 2301 over HTTP to the files \SYSTEM\AUTOEXEC.NCF and \ETC\NETINFO.CFG. These files may contain the remote console password in addition to others such as the SNMP ControlCommunity password. The passwords are stored in plaintext and can be obtained by connecting to:

http://target:2301/survey

Successful retrieval of the passwords may allow a malicious user to gain full administrative control over the Management Agents.