LocalWEB2000 Web Server Discloses Plaintext Passwords to Remote Users
SecurityTracker Alert ID: 1005830
SecurityTracker URL: http://securitytracker.com/id/1005830
Updated: Jun 3 2008
Original Entry Date: Dec 18 2002
Disclosure of authentication information, User access via network
Vendor Confirmed: Yes  Exploit Included: Yes
A password vulnerability was reported in the LocalWEB2000 web server. A remote user can obtain the web server password file, containing plain text passwords.
iDEFENSE reported that a remote user can submit an HTTP request for the 'users.lst' file in the web root directory to obtain the password file. The file contains unencrypted passwords. With access to these passwords, the remote user can then gain access to all protected virtual directories on the web server.
A remote user can obtain the password file, containing plaintext passwords for the web server.
No solution was available at the time of this entry. According to the report, the vendor has stated that they are unable to support the current release of LocalWEB 2000.
Vendor URL: www.intranet-server.co.uk/index1.asp
Access control error
Underlying OS: Windows (Any)
Source Message Contents
Subject: iDEFENSE: LocalWEB 2000 Insecure Password Storage
iDEFENSE Security Advisory 12.16.02d:
LocalWEB 2000 Insecure Password Storage
December 16, 2002
Philip Curnow's LocalWEB2000 is an HTTP server for Microsoft Corp.'s
Windows operating system. More information is available at
Issuing a URL request such as http://localweb.http.server/users.lst to a
vulnerable LocalWEB 2000 server can allow access to the plaintext password
file stored within (this is the document root directory, i.e. C:\Program
Access to the password file allows an attacker to potentially gain access
to all protected virtual directories on an affected LocalWEB 2000 server.
LocalWEB2000 Professional 2.1.0 is affected. To determine susceptibility,
attempt to retrieve the /users.lst file via a web session.
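Beyond probing the server, an administrator can look for the issue in the server's own access log. The following is an added example, not part of the advisory: it scans Common Log Format lines (constructed samples, documentation IP ranges) for any request naming users.lst, normalising case, percent-encoding and query strings so a disguised request such as /%55sers.LST?x=1 is still caught, and classifies a 200 response as a real exposure versus a 404 as a mere probe.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Dec/2002:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1523
198.51.100.7 - - [16/Dec/2002:10:02:17 +0000] "GET /users.lst HTTP/1.0" 200 412
198.51.100.7 - - [16/Dec/2002:10:02:40 +0000] "GET /protected/ HTTP/1.0" 200 870
192.0.2.22 - - [16/Dec/2002:11:15:09 +0000] "GET /%55sers.LST?x=1 HTTP/1.1" 404 0
192.0.2.31 - - [16/Dec/2002:11:20:00 +0000] "GET /docs/users.lst HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)


def normalize_path(raw: str) -> str:
    """Drop the query string, percent-decode, unify slashes and case."""
    path = raw.split("?", 1)[0]
    return unquote(path).replace("\\", "/").lower()


def find_users_lst_requests(log_text: str) -> list:
    """Return one record per request whose final path component is users.lst.

    Any directory is matched, not only the document root, because the
    file could have been copied or the root remapped.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        path = normalize_path(m["path"])
        if path.rsplit("/", 1)[-1] != "users.lst":
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": path,
            "status": status,
            # A 200 means the server actually served the file: credentials are exposed.
            "severity": "exposure" if status == 200 else "probe",
        })
    return hits


if __name__ == "__main__":
    for hit in find_users_lst_requests(SAMPLE_LOG):
        print(hit)
```

Any "exposure" record means every password in users.lst should be treated as compromised and the file moved out of the document root as the workaround below describes.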
Under LocalWEB's configuration settings, change the document root virtual
directory to a less predictable folder.
VI. VENDOR RESPONSE
Curnow said he is unable to currently support the current release of
VII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project has
assigned the identification number CAN-2002-1353 to this issue.
VIII. DISCLOSURE TIMELINE
08/29/2002 Issue disclosed to iDEFENSE
09/24/2002 Author notified (firstname.lastname@example.org)
09/25/2002 Response from Author
09/25/2002 iDEFENSE clients notified
09/25/2002 - 12/10/2002 iDEFENSE and Author Communication
12/16/2002 Public Disclosure
Tamer Sahin (email@example.com) discovered this vulnerability.