Category:   Networking Stack (NetWare)  >   NetWare
Vendors:   Novell
Novell Netware Allows Login Access With No Passwords
SecurityTracker Alert ID:  1001070
SecurityTracker URL:  http://securitytracker.com/id/1001070
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 12 2001
Impact:   User access via network

Version(s): Netware 3.1-5.1
Description:   A vulnerability has been reported in the default configuration of Novell Netware that allows login access with no passwords.

An unauthorized user can log into a Novell Netware network by using a Print Server as the username. Under a default configuration, Novell Print Servers have blank passwords. If a password is assigned, Novell Print Servers do not have intruder detection capability as a user account would, so the Print Server accounts are vulnerable to a brute force password guessing attack without risk of account lockout. When a Print Server is logged into as a User, the account will have the same rights as are assigned to the container that it resides in.

The vendor was notified on November 2, 2000 but had not responded at the time of the report.

The information in the original report was supplied by Chris Hughes <hughescj@usa.net>.

Impact:   An attacker can log into a Netware network using a Print Server account and obtain the rights of the container that the Print Server resides in.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com
Cause:   Authentication error
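
The monitoring gap described above (Print Server objects are not covered by intruder detection) can be closed from the log side. The following is an added example, not part of the original advisory or any Novell tool: it reviews login events for Print Server objects only. The CSV layout, object names, addresses, the known-host list and the threshold are all assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data: a hypothetical CSV export of login events.
# Column names, object names and addresses are all made up for illustration.
SAMPLE_EVENTS = """\
time,object,object_class,source,result
2001-03-12T09:00:01,.jsmith.sales.acme,User,10.0.0.21,success
2001-03-12T09:02:10,.PS-FLOOR2.sales.acme,Print Server,10.0.0.5,success
2001-03-12T09:05:40,.PS-LAB.eng.acme,Print Server,10.0.0.77,failure
2001-03-12T09:05:41,.PS-LAB.eng.acme,Print Server,10.0.0.77,failure
2001-03-12T09:05:42,.PS-LAB.eng.acme,Print Server,10.0.0.77,failure
2001-03-12T09:05:43,.PS-LAB.eng.acme,Print Server,10.0.0.77,success
2001-03-12T09:30:00,.PS-FLOOR2.sales.acme,Print Server,10.0.0.88,success
"""

# Assumption: hosts that actually run the print server software.
KNOWN_PRINT_HOSTS = {"10.0.0.5"}
# Assumption: failures per (object, source) before guessing is reported.
FAILURE_THRESHOLD = 3


def review_print_server_logins(events_csv, known_hosts=KNOWN_PRINT_HOSTS,
                               threshold=FAILURE_THRESHOLD):
    """Return (finding, object, source) tuples for Print Server objects."""
    findings = []
    failures = Counter()
    for row in csv.DictReader(io.StringIO(events_csv)):
        if row["object_class"].strip().lower() != "print server":
            continue  # user accounts are covered by intruder detection
        key = (row["object"], row["source"])
        if row["result"] == "failure":
            failures[key] += 1
            # No lockout will stop this, so report it once at the threshold.
            if failures[key] == threshold:
                findings.append(("password-guessing",) + key)
        elif row["result"] == "success" and row["source"] not in known_hosts:
            # Successful login from a host that is not a print server.
            findings.append(("unexpected-login",) + key)
    return findings


if __name__ == "__main__":
    for finding in review_print_server_logins(SAMPLE_EVENTS):
        print(*finding)
```
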

Message History:   This archive entry has one or more follow-up message(s) listed below.
Re: Novell Netware Allows Login Access With No Passwords
This is a follow-up message in which a user reports success in trying this vulnerability under Netware 4.11 SP9.
Re: Novell Netware Allows Login Access With No Passwords
This is a follow-up message in which a user reports success in testing this exploit with NW 5.1 SP2a using a queue-based Print Server object.
Re: Novell Netware Allows Login Access With No Passwords
This is a follow-up message. A user reports success (with limitations) in testing this on 4.11 SP9 and 5.0 SP6a.
Re: Novell Netware Allows Login Access With No Passwords
This is a follow-up message in which a user describes a potential exploit scenario.
Re: Novell Netware Allows Login Access With No Passwords
This is a follow-up message in which a user reports that this vulnerability has been used to fill up the print queue directory with non-printer-related files.



 Source Message Contents

Subject:  Vulnerability in Novell Netware


The information in this advisory was supplied by Chris Hughes <hughescj@usa.net>.
This security advisory is not endorsed by Security-Focus.com.

Vulnerability in Novell Netware

Date Published: 03/08/01

Advisory ID: n/a

Bugtraq ID: 2446

CVE CAN: None currently assigned.

Title: Novell Netware Print Server Vulnerability

Class: Configuration Error

Remotely Exploitable: Yes

Locally Exploitable: Yes

Vulnerability Description: Novell Netware allows a user to log into a
Novell Network by using a Printer Server as the username.  By default,
Novell Print Servers have blank passwords.  In addition, Novell Print
Servers do not have intruder detection capability as a user account would,
so they are vulnerable to a brute force attack without risk of account
lockout. When a Print Server is logged into as a User, the account will
have the same rights as are assigned to the container that it resides in.

Vulnerable Packages/Systems: Novell Netware 3.1-5.1

Solution/Vendor Information/Workaround: Vendor has not responded yet.

Vendor notified on: 11/02/00

Credits: Discovered by Chris Hughes <hughescj@usa.net>

This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail vulnhelp@securityfocus.com.

--
SecurityFocus.com
Vulnerability Help Team


 
 

