Category:   Application (File Transfer/Sharing)  >   Pablo's FTP Server
Vendors:   Pablo Software Solutions
Pablo's FTP Server Discloses Passwords to Remote Authenticated Users and to Local Users
SecurityTracker Alert ID:  1006917
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 4 2003
Impact:   Disclosure of authentication information, User access via network
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 1.2
Description:   Some vulnerabilities were reported in Pablo's FTP Server. A local user or a remote authenticated user can view passwords for the user accounts on the FTP server. The software also creates an anonymous account by default.

JeiAr of GulfTech Computers and CSA Security Research Team reported that the server stores user passwords in the 'users.dat' file in plain text. A remote authenticated user can download the file. A demonstration exploit URL is provided:

ftp://[target]/program files/pablo's ftp service/users.dat

It is also reported that, by default, the software creates an anonymous FTP account with download privileges for the 'C:\' directory.

The vendor has reportedly been notified.

Impact:   A remote authenticated user or a local user can view passwords for the FTP user accounts.
Solution:   No solution was available at the time of this entry. The vendor is reportedly working on a fix.
Vendor URL:
Cause:   Access control error
Underlying OS:  Windows (Any)
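
Added example (not part of the original advisory and not the vendor's code): a sketch of the two controls whose absence is described above, an account record that holds a salted hash instead of the password, and a per-account root check that also flags any root covering the credential file. The record layout, function names, iteration count and the C:\ftp\pub root are assumptions made for illustration.

```python
import hashlib, hmac, ntpath, os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(user, password, root):
    """Account record with a salted hash; the password itself is never stored."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt.hex(),
            "hash": _kdf(password, salt).hex(), "root": root}

def verify(record, password):
    """Constant-time check of a login attempt against the stored hash."""
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(_kdf(password, bytes.fromhex(record["salt"])), expected)

def _norm(path):
    # Windows semantics: collapse "..", unify separators, ignore case.
    return ntpath.normcase(ntpath.normpath(path))

def inside(root, path):
    """True if path is root itself or lies beneath it."""
    root, path = _norm(root), _norm(path)
    return path == root or path.startswith(root.rstrip("\\") + "\\")

def resolve(record, requested):
    """Map an FTP path to a local path, or None if it leaves the account root."""
    rel = requested.replace("/", "\\").lstrip("\\")
    local = ntpath.join(record["root"], rel)
    return _norm(local) if inside(record["root"], local) else None

def root_exposes(record, cred_file):
    """Startup audit: does this account's root cover the credential file?"""
    return inside(record["root"], cred_file)

if __name__ == "__main__":
    # Constructed sample data: the path is the one in the advisory's URL, under C:\.
    cred = r"C:\Program Files\Pablo's FTP Service\users.dat"
    default_anon = make_record("anonymous", "guest@example.com", "C:\\")
    confined = make_record("anonymous", "guest@example.com", r"C:\ftp\pub")
    print(root_exposes(default_anon, cred), root_exposes(confined, cred))
    print(resolve(confined, "/../../Program Files/Pablo's FTP Service/users.dat"))
```

With the default root of C:\ the audit reports the credential file as reachable; with the confined root it does not, and a traversal request resolves to nothing.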

Message History:   None.

 Source Message Contents

Subject:  Vulnerabilities In Pablo Software Solutions FTP Service 1.2

Plaintext Password Vulnerability
User info is stored in users.dat in plaintext. If the
anonymous account is present (it is by default) the
entire FTP server can be compromised.

ftp://somewhere/program files/pablo's ftp service/users.dat

Default Anonymous Account
The anonymous account is by default set to 
have download access to anything in the C:\
directory. While this can be disabled by simply
deleting the anonymous account, it poses a 
serious threat for anyone not aware of the problem.


In conclusion this application is totally open to
complete compromise by default. Vendor was notified
and plans on releasing a fix soon.

Credits go to JeiAr of GulfTech Computers
and CSA Security Research Team

