[NT] Windows FTP "Network Place" Exposes Saved Passwords
From: support@securiteam.com  Date: 12/22/01
- Previous message: support@securiteam.com: "[NT] Hot Key Permissions Bypass under Windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 22 Dec 2001 13:27:52 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Windows FTP "Network Place" Exposes Saved Passwords
------------------------------------------------------------------------
SUMMARY
When adding a "Network Place" to "My Network Places" with a saved username
and password, it is possible to get Explorer to display the saved password in
clear text by appending relative path segments (../) to the address in the
address bar.
DETAILS
Vulnerable systems:
Windows XP Professional
Windows 2000
Windows 98
Example:
FreeBSD server ftp.example.com
Home directory is /usr/home/someuser
Login name is someuser
Password is somepass
Double-click My Network Places.
Double-click Add Network Place.
Provide the Internet address ftp://ftp.example.com.
When prompted, deselect anonymous login and provide the username someuser.
Windows will inform you that you will be prompted for a password.
You can select "Open this network place when I click Finish" (it makes no
difference whether you open the network place from this dialog or later from
the "My Network Places" window). When prompted, provide your password and
check the box that says "Remember my password".
You'll now be logged in and your address bar should read something like:
ftp://someuser@ftp.example.com/
Note that there is no password.
Click on the address bar and add ../ to the end of the address. Your
address bar will change again but will not reveal the password:
ftp://someuser@ftp.example.com/../
Click on the address bar yet again and add another ../ to the end of the
address. The title bar will now appear like this:
ftp://someuser:somepass@ftp.example.com/usr/home/someuser/../../
(NOTE: If you type in the whole address, complete with the double ../../ at
the end, in one go, it does not show the password. The password only appears
if you enter ../ once, press Enter, add it again, and press Enter again.)
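The steps above describe a client that keeps the full credentialed URL internally and re-renders the address bar after each navigation step, leaking the remembered password on the second re-render. The following is an added example, not code from the advisory or from Windows; it models that failure mode as a hypothetical NetworkPlace class (the exact Explorer logic is not known from the advisory and is assumed here) and shows the hardened behaviour, in which every render of the address passes through a redaction function that keeps the user name but never the password. It also includes a small scanner for finding credential-bearing URLs in history or proxy-log lines. The host, user, password and home directory are the advisory's own sample values; SAMPLE_HISTORY is constructed.

```python
"""Model of the advisory's failure mode and its fix (added example, not code
from the advisory or from Windows).  Assumption modelled: the client keeps the
full credentialed URL internally and re-renders the address bar after each
navigation step; the fix is to redact the password on every render."""
import posixpath
from urllib.parse import urlsplit, urlunsplit


def display_form(url):
    """Render a URL for display: keep scheme, user name and host, never the password."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    netloc = f"{parts.username}@{host}" if parts.username else host
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def has_password(url):
    """True if the URL string carries a password in its userinfo part."""
    return urlsplit(url).password is not None


class NetworkPlace:
    """Hypothetical stand-in for a saved FTP 'Network Place' (assumed model)."""

    def __init__(self, url, home="/"):
        self._url = url      # full URL, including the remembered password
        self._home = home    # server-side home directory (assumed, as in the advisory)

    def cd(self, relative):
        """Apply a relative step such as '../' and return the new address-bar text."""
        parts = urlsplit(self._url)
        # A bare '/' means the server's home directory, which '../' climbs out of.
        base = self._home if parts.path in ("", "/") else parts.path
        new_path = posixpath.normpath(posixpath.join(base, relative))
        if not new_path.endswith("/"):
            new_path += "/"
        self._url = urlunsplit(parts._replace(path=new_path))
        return self.address_bar()

    def address_bar(self):
        # Hardened behaviour: every render goes through display_form, so the
        # password stays internal no matter how the path was re-resolved.
        return display_form(self._url)


def find_leaked_passwords(lines):
    """Scan history or log lines for URLs carrying a password; returns (url, password) pairs."""
    found = []
    for line in lines:
        for token in line.split():
            if "://" in token and has_password(token):
                found.append((token, urlsplit(token).password))
    return found


# Constructed sample: an address-bar history as it would look with the bug present.
SAMPLE_HISTORY = [
    "ftp://someuser@ftp.example.com/",
    "ftp://someuser@ftp.example.com/../",
    "ftp://someuser:somepass@ftp.example.com/usr/home/someuser/../../",
]

if __name__ == "__main__":
    place = NetworkPlace("ftp://someuser:somepass@ftp.example.com/",
                         home="/usr/home/someuser")
    print(place.address_bar())
    print(place.cd("../"))
    print(place.cd("../"))
    print(find_leaked_passwords(SAMPLE_HISTORY))
```

The point of the model is that redaction must be a property of the rendering path, not of the initial state: a client that hides the password only on the first render, and rebuilds the string from the internal credentialed URL afterwards, reproduces the advisory. The scanner is useful on the defensive side as well, for checking whether a browser history, proxy log or crash dump already contains a URL of the leaked form.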
ADDITIONAL INFORMATION
The information has been provided by Aaron Heck <AHeck@ouc.bc.ca>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.