Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Lil' HTTP Server Vendors:   Summit Computer Networks
Lil' HTTP Server Discloses Web Server Passwords to Local Users
SecurityTracker Alert ID:  1007470
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 11 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 2.2c
Description:   CyberTalon reported a vulnerability in the Lil' HTTP Server. A local user can view passwords for web server users.

It is reported that the server stores usernames and passwords in clear text in the 'LilHTTP.USR' file. A local user can view the passwords.

Impact:   A local user can view passwords for the web server users.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Lil' HTTP Server 2.2c Local Password Vulnerability

              Lil' HTTP Server 2.2c Local Password Vulnerability
                        Found by: CyberTalon

1. Intro
2. Problem
3. Solution
4. Ending
5. Info

1. I have found a local password vulnerability for Lil' HTTP Server 2.2c.

2. It stores usernames and passwords, in clear-text, in the LilHTTP.USR

3. They need to use encrption when storing sensitive data.

4. This could enable an attacker with read access to this file to compromise
the server.

5. Vendor URL:


MSN 8 with e-mail virus protection service: 2 months FREE*


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC