[NT] 1st Choice FTPPro Stores Passwords Insecurely

From: support@securiteam.com
Date: 08/01/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] 1st Choice FTPPro Stores Passwords Insecurely
Message-Id: <20010801202435.5109C13901@mail.der-keiler.de>
Date: Wed,  1 Aug 2001 22:24:35 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  1st Choice FTPPro Stores Passwords Insecurely
------------------------------------------------------------------------

SUMMARY

1st Choice's <http://www.ftppro.com> FTPPro looks and feels just like
Windows Explorer, and allows you to transfer files to and from FTP sites.
A security vulnerability in the program exposes usernames and passwords
used in the product.

DETAILS

Vulnerable systems:
1st Choice FTPPro version 8.20

1st Choice FTPPro stores passwords in plaintext. The file FTPPro uses is
called "Profiles.dat" and is located in the default installation folder.

Here's a hex dump of an example file with two different profiles:

00000000 A286 0100 0000 0000 0E53 616D 706C 6520 .........Sample
00000010 5072 6F66 696C 6511 6674 702E 6D69 6372 Profile.ftp.micr
00000020 6F73 6F66 742E 636F 6D01 0000 0000 0000 osoft.com.......
00000030 144D 6963 726F 736F 6674 2773 2046 5450 .Microsoft's FTP
00000040 2053 6974 6501 0000 0001 0000 0012 6461 Site.........da
00000050 6E69 656C 2E77 6973 6368 6E65 7773 6B69 niel.wischnewski
00000060 1366 7470 2E77 6973 6368 6E65 7773 6B69 .ftp.wischnewski
00000070 2E6E 6574 0000 0000 0472 6F6F 7405 3331 .net.....root.31
00000080 3333 3700 0000 0000 0000 0000 00 337..........

Analysis:
1st profile:
Profile name: Sample Profile
FTP address: ftp.microsoft.com
User id and password are not set; FTPPro will submit the username
"anonymous" and the password "IEUser@".

2nd profile:
Profile name: daniel.wischnewski
FTP address: ftp.wischnewski.net
User id: root
Password: 31337

An intruder can easily gain access to sensitive information such as
usernames and passwords for internet domains.
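
As an added example, not part of the advisory or of the FTPPro product: a small Python reader for the record layout that the hex dump above implies. The layout (an 8-byte file header, then per profile the name and address as length-prefixed strings, a 4-byte little-endian integer, the user id and password as length-prefixed strings, one byte of unknown meaning, a length-prefixed description and 8 trailing bytes) is inferred from the two records in the dump and is an assumption, not vendor documentation. The bytes it reads are reconstructed from the dump. The audit function reports which profiles carry a recoverable password without echoing the password itself, which is the check an administrator would run against a copy of the file from the installation folder.

```python
"""
Added example (not from the SecuriTeam advisory or from 1st Choice FTPPro):
a reader for Profiles.dat using a record layout inferred from the hex dump.

Assumed layout (inferred from the two records in the dump; an assumption):
  8-byte file header, then per profile:
    name, address            : length-prefixed (Pascal-style) strings
    4-byte little-endian int : 1 in the anonymous "Sample Profile" record,
                               0 in the record that carries credentials
    user id, password        : length-prefixed strings
    1 byte                   : meaning unknown (0 in both records)
    description              : length-prefixed string
    8 trailing bytes         : not interpreted here
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

# Constructed input: the bytes of the advisory's hex dump, copied verbatim.
PROFILES_DAT_HEX = (
    "A286 0100 0000 0000 0E53 616D 706C 6520"
    "5072 6F66 696C 6511 6674 702E 6D69 6372"
    "6F73 6F66 742E 636F 6D01 0000 0000 0000"
    "144D 6963 726F 736F 6674 2773 2046 5450"
    "2053 6974 6501 0000 0001 0000 0012 6461"
    "6E69 656C 2E77 6973 6368 6E65 7773 6B69"
    "1366 7470 2E77 6973 6368 6E65 7773 6B69"
    "2E6E 6574 0000 0000 0472 6F6F 7405 3331"
    "3333 3700 0000 0000 0000 0000 00"
)
PROFILES_DAT = bytes.fromhex(PROFILES_DAT_HEX.replace(" ", ""))

HEADER_LEN = 8
RECORD_TRAILER_LEN = 8
# Smallest possible record: six 1-byte string lengths + 4-byte int +
# 1 unknown byte + 8-byte trailer. Anything shorter cannot be a record.
MIN_RECORD_LEN = 6 + 4 + 1 + RECORD_TRAILER_LEN


@dataclass
class Profile:
    name: str
    address: str
    flag: int
    user: str
    password: str
    description: str

    @property
    def stores_plaintext_password(self) -> bool:
        """True when a password is present; it is stored unprotected."""
        return self.password != ""


def _read_pstring(buf: bytes, pos: int) -> tuple[str, int]:
    """Read one length-prefixed string; return (text, position after it)."""
    if pos >= len(buf):
        raise ValueError(f"truncated string length at offset {pos}")
    n = buf[pos]
    end = pos + 1 + n
    if end > len(buf):
        raise ValueError(f"string at offset {pos} runs past end of file")
    return buf[pos + 1:end].decode("latin-1"), end


def parse_profiles(buf: bytes) -> list[Profile]:
    """Walk the inferred record layout and return every stored profile."""
    if len(buf) < HEADER_LEN:
        raise ValueError("file shorter than the 8-byte header")
    profiles: list[Profile] = []
    pos = HEADER_LEN
    while len(buf) - pos >= MIN_RECORD_LEN:
        name, pos = _read_pstring(buf, pos)
        address, pos = _read_pstring(buf, pos)
        if pos + 4 > len(buf):
            raise ValueError(f"truncated integer at offset {pos}")
        (flag,) = struct.unpack_from("<I", buf, pos)
        pos += 4
        user, pos = _read_pstring(buf, pos)
        password, pos = _read_pstring(buf, pos)
        pos += 1  # one byte of unknown meaning (0 in both dumped records)
        description, pos = _read_pstring(buf, pos)
        pos += RECORD_TRAILER_LEN  # trailer bytes are skipped, not decoded
        profiles.append(Profile(name, address, flag, user, password, description))
    return profiles


def audit(buf: bytes) -> list[str]:
    """One finding per profile whose password is recoverable from the file.
    The password value itself is deliberately not included in the finding."""
    return [
        f"{p.name}: credentials for {p.user}@{p.address} are stored in the clear"
        for p in parse_profiles(buf)
        if p.stores_plaintext_password
    ]


if __name__ == "__main__":
    for p in parse_profiles(PROFILES_DAT):
        print(f"{p.name!r} -> {p.address} flag={p.flag} user={p.user!r} "
              f"password set={p.stores_plaintext_password}")
    for finding in audit(PROFILES_DAT):
        print("FINDING:", finding)
```

Run against the dump, the parser yields the two records the advisory analyses by hand, and the audit flags only the second one; the first record has empty user id and password fields and a flag value of 1, consistent with the anonymous login the advisory describes.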

ADDITIONAL INFORMATION

The information has been provided by <mailto:daniel@wischnewski.net>
Daniel Wischnewski.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


