Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   Application (File Transfer/Sharing)  >   FtpXQ Vendors:   DataWizard Technologies
Data Wizard Technologies FtpXQ FTP Server Default Configuration Lets Remote Users Access the C:\ Drive
SecurityTracker Alert ID:  1003011
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 19 2001
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A default configuration vulnerability was reported in the Data Wizard FtpXQ FTP server. A remote user can read and write files on the C: drive.

It is reported that the default installation of the FtpXQ server gives anonymous users read/write access to the C: drive. In addition, a test account is created with the common username and password of "test". This test account also has read/write access to the C: drive.

Impact:   In the default configuration, a remote user can read and write to the C: drive without requiring authentication.
Solution:   The vendor plans to issue a fixed version that will ensure that, as a default configuration, anonymous users have read-only access. Furthermore, the installation process will display a note explicitly informing the administrator of the default account settings.
Vendor URL: (Links to External Site)
Cause:   Configuration error
Underlying OS:  Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.

 Source Message Contents

Date:  Tue, 18 Dec 2001 22:58:02 -0500
Subject:  FTPXQ default install read/write capabilities

FTPXQ default install read/write capabilities
by Brice Carlson

ftpXQ by

Upon default setup. Through anonymous and through the user name and pass of 
test you have read/write capabilities to drive c:

Vendor Notification Date.

December 4, 2001

Vendor Response to email.

Hi Brice, Yes, those IDs are configured by default to have access for the 
C:\ drive for the purpose of an administrator testing the server. We assume 
that every responsible administrator will run the server first in a test 
environment, and not in a production setting, or on an IP that is exposed to 
the internet. Administrators should obviously change the access for both of 
these accounts and/or change the User IDs before putting it into a 
production environment. As a result of your email however, we will change 
the default access for the anonymous user to be read only, as well as post a 
message at the end of the install noting the default access for the test 
users. Sincerely, Rahim

Rahim Mawji Director,
Applications Development
DataWizard Technologies
Phone: (416) 385-9741, x1013
Fax: (416) 385-9784

---end vendor response

Enough Said!

-- Brice Carlson

Get your FREE download of MSN Explorer at


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, LLC