(Local Password Disclosure Still Not Fixed) Re: CesarFTP Server Allows Remote Users to Obtain Files Located Anywhere on the Server's Drive and to Obtain FTP User Names and Passwords - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (File Transfer/Sharing) > CesarFTP

Vendors: ACLogic

(Local Password Disclosure Still Not Fixed) Re: CesarFTP Server Allows Remote Users to Obtain Files Located Anywhere on the Server's Drive and to Obtain FTP User Names and Passwords

SecurityTracker Alert ID: 1006804

SecurityTracker URL: http://securitytracker.com/id/1006804

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: May 21 2003

Impact: Disclosure of authentication information

Exploit Included: Yes

Version(s): 0.99g

Description: In the original report, it was stated that a remote user who has access to a directory on the ftp server can use special characters to break out of the directory and traverse all directories on the server's hard drive. By exploiting this vulnerability, a remote user can also obtain usernames and passwords from the server.

In the original report [see the Message History], it was noted that CesarFTP v0.98b allowed remote users to traverse the directory structure. It was also noted that the system stores user passwords in a world-readable file without using encryption.

MegaHz has reported that version 0.99g (May 2003) is still vulnerable to the plaintext password disclosure flaw. The username pairs are reportedly stored in plaintext in the program directory (\program files\CesarFTP\settings.ini). A local user can view the contents of the file to obtain user passwords.

Impact: A local user can obtain FTP usernames and passwords.

Solution: No solution was available at the time of this entry.

Vendor URL: www.aclogic.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (Me), Windows (95), Windows (98)

Message History: This archive entry is a follow-up to the message listed below.

CesarFTP Server Allows Remote Users to Obtain Files Located Anywhere on the Server's Drive and to Obtain FTP User Names and Passwords

Source Message Contents

Date: Tue, 20 May 2003 10:25:56 +0300
Subject: Plaintext Password in Settings.ini of CesarFTP


Cesar FTP v0.99g (latest version)
an FTP Server by http://www.aclogic.com/
it saves the ftp password in file: 
c:\Program Files\CesarFTP\settings.ini
in plaintext:

....
Password= "lalala"
Login= "megahz"
Name= "megahz"
....


Discovered by MegaHz
www.megahz.org
megahz@megahz.org
www.cyhackportal.com

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC