SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Xynph FTP-Server
Vendors:   Digital Sector
Xynph FTP Server Discloses Passwords to Local Users
SecurityTracker Alert ID:  1007467
SecurityTracker URL:  http://securitytracker.com/id/1007467
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 11 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 2.0
Description:   CyberTalon reported a password disclosure vulnerability in Xynph FTP Server. A local user can view user passwords.

It is reported that the server stores user passwords in clear text in the 'BKonten.xkd' file. A local user can view the passwords.

Impact:   A local user can view passwords for the FTP server users.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.digital-sector.de/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.
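
FTP's USER/PASS login delivers the password to the server, so the account file only needs a salted one-way verifier rather than the password itself. The following is an added example (not SecurityTracker or vendor code) that migrates a constructed `user:password` list to PBKDF2 records; the input layout, function names and iteration count are assumptions, since the advisory does not describe the format of 'BKonten.xkd'.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor; value assumed for this example
SEP = "$"             # field separator; never appears in base64 output


def make_record(username, password):
    """Build one account line that holds a salted verifier, never the password."""
    if SEP in username or "\n" in username:
        raise ValueError("username contains a reserved character")
    salt = os.urandom(16)  # fresh salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    fields = [username, "pbkdf2-sha256", str(ITERATIONS),
              base64.b64encode(salt).decode(), base64.b64encode(dk).decode()]
    return SEP.join(fields)


def verify(record, username, password):
    """Check a login attempt against a stored line; malformed lines fail closed."""
    try:
        user, scheme, iters, salt, dk = record.split(SEP)
        salt, dk, iters = base64.b64decode(salt), base64.b64decode(dk), int(iters)
    except ValueError:
        return False
    if scheme != "pbkdf2-sha256" or iters < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    # Constant-time comparisons so timing does not reveal partial matches
    same_user = hmac.compare_digest(user.encode(), username.encode())
    return same_user and hmac.compare_digest(candidate, dk)


def migrate_cleartext(lines):
    """Convert constructed 'user:password' lines into verifier records."""
    records = []
    for line in lines:
        user, sep, password = line.rstrip("\r\n").partition(":")
        if not sep or not user:
            continue  # skip blank or malformed lines
        records.append(make_record(user, password))
    return records


# Constructed sample accounts; not the real layout of BKonten.xkd
LEGACY = ["alice:Winter2003!", "bob:hunter2"]
```

Because the advisory lists the cause as an access control error, the account file should also be readable only by the account that runs the FTP service.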


 Source Message Contents

Subject:  Xynph FTP Server 2 Local Password Vulnerability


             Xynph FTP Server 2 Local Password Vulnerability
                      Found by: CyberTalon

1. Intro
2. Problem
3. Solution
4. Ending
5. Info

1. I have found a local password vulnerability in Xynph FTP Server 2.

2. The server stores the usernames and passwords in BKonten.xkd, in clear
text.

3. They need to use encryption when storing sensitive information.

4. This could allow an attacker to compromise the server if the attacker
could read the file BKonten.xkd.

5. Vendor URL: www.digital-sector.de

-CT


Copyright 2021, SecurityGlobal.net LLC