BugTraq
Vulnerabilities In Pablo Software Solutions FTP Service 1.2 Jun 03 2003 08:41PM
JeiAr (jeiar kmfms com)


Plaintext Password Vulnerability
------------------------------------
User info is stored in users.dat in plaintext. If the anonymous account is present (it is by default) the entire FTP server can be compromised.

ftp://somewhere/program files/pablo's ftp service/users.dat

Default Anonymous Account
------------------------------------
The anonymous account is by default set to have download access to anything in the C:\ directory. While this can be disabled by simply deleting the anonymous account, it poses a serious threat for anyone not aware of the problem.

ftp://somewhere/windows/repair/sam

In conclusion this application is totally open to complete compromise by default. Vendor was notified and plans on releasing a fix soon.
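For administrators checking their own configuration, the following added example (not part of the original advisory or the vendor's code) reports which sensitive files fall under each account's FTP root, using Windows path rules. The account table and the C: install drive are assumptions; the users.dat format is not described in the advisory, so roots are supplied by hand.

```python
import ntpath  # Windows path semantics, usable on any platform

# Constructed sample data: account name -> FTP root directory (assumption).
ACCOUNTS = {
    "anonymous": "C:\\",           # default root described in the advisory
    "uploads": "D:\\ftp\\incoming",
}

# The two files the advisory shows being fetched, plus the live SAM hive.
SENSITIVE = [
    r"C:\Program Files\Pablo's FTP Service\users.dat",
    r"C:\WINDOWS\repair\sam",
    r"C:\WINDOWS\system32\config\SAM",
]

def _norm(path):
    # normpath collapses ".." and "/" ; normcase lowercases for comparison.
    return ntpath.normcase(ntpath.normpath(path))

def is_under(root, target):
    """True if target lies inside root (case-insensitive, '..' resolved)."""
    root_n, target_n = _norm(root), _norm(target)
    if ntpath.splitdrive(root_n)[0] != ntpath.splitdrive(target_n)[0]:
        return False
    try:
        # Component-wise comparison, so C:\ftp does not match C:\ftpsecret.
        return ntpath.commonpath([root_n, target_n]) == root_n
    except ValueError:  # mixed absolute and relative paths
        return False

def exposed_files(accounts, sensitive):
    """Map each account to the sensitive files reachable under its root."""
    findings = {}
    for user, root in accounts.items():
        hits = [s for s in sensitive if is_under(root, s)]
        if hits:
            findings[user] = hits
    return findings

if __name__ == "__main__":
    for user, hits in exposed_files(ACCOUNTS, SENSITIVE).items():
        for path in hits:
            print(f"{user}: root exposes {path}")
```

An account whose root sits on a dedicated data directory, away from the server's install directory and the Windows directory, produces no findings.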

Credits
------------------------------------
Credits go to JeiAr of GulfTech Computers and CSA Security Research Team

http://www.gulftech.org
