SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   LocalWEB Vendors:   Curnow, P.
LocalWEB2000 Web Server Discloses Plaintext Passwords to Remote Users
SecurityTracker Alert ID:  1005830
SecurityTracker URL:  http://securitytracker.com/id/1005830
CVE Reference:   CVE-2002-1353   (Links to External Site)
Updated:  Jun 3 2008
Original Entry Date:  Dec 18 2002
Impact:   Disclosure of authentication information, User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.1.0
Description:   A password vulnerability was reported in the LocalWEB2000 web server. A remote user can obtain the web server password file, containing plain text passwords.

iDEFENSE reported that a remote user can submit an HTTP request for the 'users.lst' file in the web root directory to obtain the password file. The file contains unencrypted passwords. With access to these passwords, the remote user can then gain access to all protected virtual directories on the web server.

Impact:   A remote user can obtain the password file, containing plaintext passwords for the web server.
Solution:   No solution was available at the time of this entry. According to the report, the vendor has stated that they are unable to support the current release of LocalWEB 2000.
Vendor URL:  www.intranet-server.co.uk/index1.asp (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  iDEFENSE: LocalWEB 2000 Insecure Password Storage


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 12.16.02d:
http://www.idefense.com/advisory/12.16.02d.txt
LocalWEB 2000 Insecure Password Storage
December 16, 2002

I. BACKGROUND

Philip Curnow's LocalWEB2000 is an HTTP server for Microsoft Corp.'s
Windows operating system. More information is available at
http://www.intranet-server.co.uk .

II. DESCRIPTION

Issuing a URL request such as http://localweb.http.server/users.lst to a
vulnerable LocalWEB 2000 server can allow access to the plaintext password
file stored within (this is the document root directory, i.e. C:\Program
Files\LocalWEB\users.lst).

III. ANALYSIS

Access to the password file allows an attacker to potentially gain access
to all protected virtual directories on an affected LocalWEB 2000 server.

IV. DETECTION

LocalWEB2000 Professional 2.1.0 is affected. To determine susceptibility,
attempt to retrieve the /users.lst file via a web session.

V. WORKAROUND

Under LocalWEB's configuration settings, change the document root virtual
directory to a less predictable folder.

VI. VENDOR RESPONSE

Curnow said he is unable to currently support the current release of
LocalWEB 2000.

VII. CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project has
assigned the identification number CAN-2002-1353 to this issue.

VIII. DISCLOSURE TIMELINE

08/29/2002		Issue disclosed to iDEFENSE
09/24/2002		Author notified (philip@curnow37.freeserve.co.uk)
09/25/2002		Response from Author
09/25/2002		iDEFENSE clients notified
09/25/2002 - 12/10/2002	iDEFENSE and Author Communication
12/16/2002		Public Disclosure

IX. CREDIT

Tamer Sahin (ts@securityoffice.net) discovered this vulnerability.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPf4A//rkky7kqW5PEQKmYACfWO7A3gSPylUooS1Hb4AJwog5yKsAn1YV
HhU4HUFK2y+xAWy4OG4baC7q
=5DA7
-----END PGP SIGNATURE-----



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC