SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   RobotFTP Vendors:   robotftp.com
RobotFTP Server Discloses Usernames and Passwords to Local Users
SecurityTracker Alert ID:  1007349
SecurityTracker URL:  http://securitytracker.com/id/1007349
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 31 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.0
Description:   CyberTalon reported an authentication information disclosure vulnerability in the RobotFTP Server. A local user can view usernames and passwords.

It is reported that the software stores passwords in plain text in the 'C:/Program Files/RobotFTPServer/rftpsrvr.bot' file. Once the RobotFTP Server has been shut down once (causing it to save the passwords), a local user can view the passwords.

Impact:   A local user can view passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.robotftp.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  RobotFTP Server Local Password Vulnerability



          RobotFTP Server 1.0 Local Password Vulnerablity
                       Found by: CyberTalon

1. Intro
2. Problem
3. Solution
4. Ending

1. RobotFTP Server has a local password vulnerability.

2. RobotFTP Server stores the login usernames and passwords in C:/Program
Files/RobotFTPServer/rftpsrvr.bot . RobotFTP has to be closed once for it to
save the information/file, then it will be accessible from there on.

3. They need to use encryption when storing information on that sort.

4. This could allow an attacker to compromise the server if they could get
to it, and read it out of the rftpsrvr.bot locally.

Vendor url: http://www.robotftp.com

-CT

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC