SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Lil' HTTP Server
Vendors:   Summit Computer Networks
Lil' HTTP Server Discloses Web Server Passwords to Local Users
SecurityTracker Alert ID:  1007470
SecurityTracker URL:  http://securitytracker.com/id/1007470
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 11 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 2.2c
Description:   CyberTalon reported a vulnerability in the Lil' HTTP Server. A local user can view passwords for web server users.

It is reported that the server stores usernames and passwords in clear text in the 'LilHTTP.USR' file. A local user can view the passwords.

Impact:   A local user can view passwords for the web server users.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.summitcn.com/lilhttp/lildocs.html
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.
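
With no vendor fix listed, exposure depends on who can read 'LilHTTP.USR'. The PowerShell audit below is an added example, not part of the advisory or the vendor's software: it lists Allow entries that give broad local groups read access to the file. The path is a placeholder (the advisory does not state the install directory) and the function name Get-BroadReadAce is hypothetical.

```powershell
# Added example: audit who can read the Lil' HTTP Server credential file.
param(
    # Placeholder path: the advisory names the file but not its directory.
    [string]$UserFile = 'C:\PATH\TO\LilHTTP.USR'
)

# Well-known SIDs that cover ordinary local users, independent of OS language.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# ReadData (0x1), plus GENERIC_ALL and GENERIC_READ, which some ACEs carry unmapped.
$ReadBits = 0x1 -bor 0x10000000 -bor 0x80000000

function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited entries, with principals returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $ReadBits) -eq 0) { continue }

        [pscustomobject]@{
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $UserFile)) {
    Write-Warning "File not found: $UserFile (set -UserFile to the real location)"
    return
}

$findings = @(Get-BroadReadAce -Path $UserFile)
if ($findings.Count -eq 0) {
    Write-Output "No broad-group read access found on $UserFile"
} else {
    Write-Output "Broad-group read access on ${UserFile}:"
    $findings | Format-Table -AutoSize
}
```

Only Allow entries are reported; Deny entries that would override them are not evaluated, so a finding may overstate actual access and should be confirmed against the effective permissions.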


 Source Message Contents

Subject:  Lil' HTTP Server 2.2c Local Password Vulnerability


              Lil' HTTP Server 2.2c Local Password Vulnerability
                        Found by: CyberTalon

1. Intro
2. Problem
3. Solution
4. Ending
5. Info

1. I have found a local password vulnerability for Lil' HTTP Server 2.2c.

2. It stores usernames and passwords, in clear-text, in the LilHTTP.USR
file.

3. They need to use encryption when storing sensitive data.

4. This could enable an attacker with read access to this file to compromise
the server.

5. Vendor URL: www.summitcn.com

-CT


Copyright 2021, SecurityGlobal.net LLC