SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Win FTP Vendors:   wftpserver.com
Win FTP Server Discloses Passwords to Local Users
SecurityTracker Alert ID:  1012321
SecurityTracker URL:  http://securitytracker.com/id/1012321
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 24 2004
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.6
Description:   Ziv Kamir of Global Security Solution IT reported a vulnerability in Win FTP Server. A local user can view passwords.

It is reported that usernames and passwords are stored in clear text in the following file:

\Program Files\WinFtp Server\data\user.wfd

A local user with privileges to access the directory can view the passwords.

The vendor was notified on November 14, 2004 without response.

Impact:   A local user may be able to view user passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL:  wftpserver.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  WinFTP


--0-1658399583-1101289692=:16437
Content-Type: text/plain; charset=us-ascii
Content-Id: 
Content-Disposition: inline

 
 


		
__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 
--0-1658399583-1101289692=:16437
Content-Type: text/plain; name="WinFTP.txt"
Content-Description: WinFTP.txt
Content-Disposition: inline; filename="WinFTP.txt"

23/11/04


====================================
 GSSIT - Global Security Solution IT
====================================				

-------------------------------------------------------

Application: WinFTP Server 
Web Site:    www.wftpserver.com
Versions:    1.6
Platform:    Windows


Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #                   
#                                       #
#     Email : www.gssit.co.il           #
#                                       #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


===============
1) Introduction
===============

WinFTP Server is a multithreaded FTP server for Windows 98/NT/XP.
It comes with an easy to use interface and can be accessed from the system tray.

======
2) Bug
======

WinFTP Server stores usernames and passwords in clear text under :

\Program Files\WinFtp Server\data\user.wfd


===========
3) The Code
===========

There is no exploit code required to take advantage of this vulnerability.


===========
4) The Fix
===========

Date of Vendor Notification:

14-11-04

Status:


* No Response *


==============================================================================================

                 *** The Data is for educational purpose only. *** 

     The information in this bulletin is provided "AS IS" without warranty of any 
     kind. In no event shall we be liable for any damages whatsoever including 
     direct, indirect, incidental, consequential, loss of business profits or special damages. 

==============================================================================================
--0-1658399583-1101289692=:16437--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC