SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
Category:   Application (File Transfer/Sharing)  >   CesarFTP
Vendors:   ACLogic
(Local Password Disclosure Still Not Fixed) Re: CesarFTP Server Allows Remote Users to Obtain Files Located Anywhere on the Server's Drive and to Obtain FTP User Names and Passwords
SecurityTracker Alert ID:  1006804
SecurityTracker URL:  http://securitytracker.com/id/1006804
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 21 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 0.99g
Description:   In the original report [see the Message History], a remote user with access to a directory on the FTP server could use special characters to break out of that directory and traverse every directory on the server's hard drive. Through that flaw, a remote user could also obtain FTP user names and passwords from the server.

That report covered CesarFTP v0.98b and also noted that the server stores user passwords unencrypted in a world-readable file.

MegaHz has now reported that version 0.99g (May 2003) is still vulnerable to the plaintext password disclosure flaw. The login/password pairs are reportedly stored in plaintext in the program directory (\program files\CesarFTP\settings.ini). Any local user who can read that file can obtain the FTP user names and passwords.

Impact:   A local user can obtain FTP usernames and passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.aclogic.com/
Cause:   Access control error
Underlying OS:   Windows (Me), Windows (95), Windows (98)

Message History:   This archive entry is a follow-up to the message listed below.
May 28 2001 CesarFTP Server Allows Remote Users to Obtain Files Located Anywhere on the Server's Drive and to Obtain FTP User Names and Passwords



 Source Message Contents

Date:  Tue, 20 May 2003 10:25:56 +0300
Subject:  Plaintext Password in Settings.ini of CesarFTP


Cesar FTP v0.99g (latest version)
an FTP Server by http://www.aclogic.com/
it saves the FTP password in the file:
c:\Program Files\CesarFTP\settings.ini
in plaintext:

....
Password= "lalala"
Login= "megahz"
Name= "megahz"
....


Discovered by MegaHz
www.megahz.org
megahz@megahz.org
www.cyhackportal.com
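The message above shows the shape of the problem: a `Password=` line holding the secret verbatim in a file any local user can read. The following is an added example, not code from the original report or from ACLogic. It parses a settings file in the `Key= "value"` layout quoted above, flags every plaintext `Password=` entry (the check a local reviewer or an audit script would run against the program directory), and shows the hardened form a server should store instead: a salted PBKDF2-HMAC-SHA256 digest that can be verified but not read back. The `[User1]` section header and the sample values are constructed for the example; the advisory only shows the three lines between the `....` markers.

```python
import hashlib
import hmac
import os
import re

# Constructed sample in the layout the report shows. The section header is an
# assumption; CesarFTP's real file layout beyond the quoted lines is not known.
SAMPLE_SETTINGS_INI = """....
[User1]
Password= "lalala"
Login= "megahz"
Name= "megahz"
....
"""

HASH_SCHEME = "pbkdf2_sha256"
_KV_LINE = re.compile(r'^([A-Za-z0-9_]+)\s*=\s*"?(.*?)"?\s*$')


def parse_ini(text):
    """Parse 'Key= "value"' lines into {section: {key: value}}; quotes are stripped.
    Lines that are not 'key=value' (such as the '....' markers) are ignored."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        m = _KV_LINE.match(line)
        if m:
            sections.setdefault(current, {})[m.group(1)] = m.group(2)
    return sections


def find_plaintext_passwords(sections):
    """Return (section, login, password) for every Password= value that is not a hash.
    This is the audit check: anything it returns is readable by whoever can open the file."""
    hits = []
    for name, kv in sections.items():
        pw = kv.get("Password")
        if pw is not None and not pw.startswith(HASH_SCHEME + "$"):
            hits.append((name, kv.get("Login"), pw))
    return hits


def hash_password(password, salt=None, iterations=210_000):
    """Salted PBKDF2-HMAC-SHA256, self-describing so the verifier can read parameters back."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{HASH_SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored, candidate):
    """True only if 'stored' is a hash string produced by hash_password and matches."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, iterations = bytes.fromhex(salt_hex), int(iters)
    except ValueError:
        return False  # plaintext or malformed entry: never treat it as a valid credential
    if scheme != HASH_SCHEME:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def harden(sections):
    """Return a copy in which every plaintext Password= is replaced by its PBKDF2 string."""
    out = {}
    for name, kv in sections.items():
        kv = dict(kv)
        if "Password" in kv and not kv["Password"].startswith(HASH_SCHEME + "$"):
            kv["Password"] = hash_password(kv["Password"])
        out[name] = kv
    return out


def render_ini(sections):
    """Write sections back out in the same 'Key= "value"' layout the report shows."""
    lines = []
    for name, kv in sections.items():
        lines.append(f"[{name}]")
        lines.extend(f'{k}= "{v}"' for k, v in kv.items())
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_ini(SAMPLE_SETTINGS_INI)
    print("plaintext credentials found:", find_plaintext_passwords(parsed))
    print(render_ini(harden(parsed)))
```

Hashing the stored value only closes the disclosure the report describes; the file should also be restricted to the service account, since a world-readable hash still invites offline guessing of weak passwords.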

Copyright 2014, SecurityGlobal.net LLC