SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   DelphiTurk FTP Vendors:   delphiturk.com
DelphiTurk FTP Discloses Passwords to Local Users
SecurityTracker Alert ID:  1013139
SecurityTracker URL:  http://securitytracker.com/id/1013139
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 10 2005
Impact:   Disclosure of authentication information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 1.0
Description:   Kozan reported a vulnerability in DelphiTurk FTP. A local user can obtain FTP passwords.

DelphiTurk FTP stores FTP account information, including usernames and passwords, in the 'profile.dat' file. The file is stored in the same directory as the executable.

The data is stored at the following byte locations:

2. byte = profilname (read 31 bytes)
32. byte = ftpserver (read 51 bytes)
82. byte = username (read 51 bytes)
133. byte = password (read 51 bytes)
392. byte = newprofilname...................

A local user can obtain passwords from the file.

Impact:   A local user can obtain FTP passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.delphikitabi.com/default.asp?dest=dtftp (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DelphiTurk FTP v1.0 discloses passwords to local users.


DelphiTurk FTP v1.0 discloses passwords to local users.


---------------------
Application:
---------------------
DelphiTurk FTP v1.0


---------------------
Introduction:
---------------------
DelphiTurk FTP v1.0 is a FTP Client.
Procuder: Delphiturk.com and Delphikitabi.com
http://www.delphikitabi.com/default.asp?dest=dtftp




---------------------
Bug:
---------------------
DelphiTurk FTP v1.0 ftp account, username and passwords can be viewed
in "profile.dat" file that is in the same directory of DelphiTurk FTP v1.0
with a hexeditor by a local user.


The "profile.dat" algorithm:

2.  	byte = profilname	(read 31 bytes)
32. 	byte = ftpserver	(read 51 bytes)
82.  	byte = username		(read 51 bytes)
133.	byte = password		(read 51 bytes)


392.	byte = newprofilname...................
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC