[NEWS] WatchGuard SOHO FTP Authentication Flaw
From: support@securiteam.com
Date: 07/01/02
From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 1 Jul 2002 21:23:45 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
WatchGuard SOHO FTP Authentication Flaw
------------------------------------------------------------------------
SUMMARY
A malicious user with access to the internal network interface card would
not have to know the username to log on to the FTP service, and could
attempt to brute force the password and thus gain access to the firewall
configuration.
DETAILS
Vulnerable systems:
* WatchGuard SOHO Firewall, firmware 5.0.35a
Before going into detail with the problem, let us sum up the mitigating
factors:
- This attack could only be carried out by someone with access to the
Trusted Network interface.
- The attacker would still have to guess the password.
- If you are using this firewall at home, this is not likely to be a
problem for you.
The problem is that the FTP service is enabled by default, because it is
used when the firmware is upgraded. The service gives the appearance of
being protected by both a username and a password, but it is only
necessary to know the correct password. A user who gains access to the FTP
service has full control over the firewall configuration.
To determine if you are vulnerable to this:
  ftp -n your.soho.firewall
  quote pass <your password>
  ls
  get wg.cfg
  quit
Vendor Response:
This was reported to the vendor on 6 April 2002. There is currently no
scheduled release date for the next firmware version.
Corrective action:
The FTP service is only used when you need to upgrade the firmware, so
disable it to prevent brute-force access to the configuration file:
1) Log on to the firewall HTTP management service
2) Select "Firewall Options"
3) Make sure there is a tick next to the field "Do not allow FTP access to
Trusted Network interface"
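Detection logic for the behaviour described above, added here as an example and not part of the original advisory or of any WatchGuard tooling: it flags FTP sessions in which PASS is sent without a preceding USER, both when the login is accepted and when it is rejected repeatedly. The sensor line format, the session ids, the reply texts and the `max_failures` threshold are assumptions; the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample, not captured traffic: FTP control-channel lines in an
# assumed sensor format "<session> <C|S> <line>" (C = client, S = firewall).
SAMPLE = """\
s1 S 220 ready
s1 C USER admin
s1 S 331 password required
s1 C PASS x
s1 S 230 logged in
s2 C PASS x
s2 S 530 login incorrect
s2 C PASS x
s2 S 530 login incorrect
s2 C PASS x
s2 S 230 logged in
s3 C PASS x
s3 S 530 login incorrect
""".splitlines()


def find_userless_logins(lines, max_failures=2):
    """Flag sessions whose PASS was not immediately preceded by USER."""
    last_cmd = {}                 # session -> previous client command verb
    pending = {}                  # session -> True if the open PASS had no USER
    failures = defaultdict(int)   # session -> rejected USER-less PASS count
    findings = defaultdict(list)
    for raw in lines:
        parts = raw.split(None, 2)
        if len(parts) < 3:
            continue              # skip blank or malformed lines
        sid, direction, text = parts
        if direction == "C":
            verb = text.split(None, 1)[0].upper()
            if verb == "PASS":
                pending[sid] = last_cmd.get(sid) != "USER"
            last_cmd[sid] = verb
        elif direction == "S" and pending.pop(sid, False):
            code = text[:3]       # standard FTP reply codes (RFC 959)
            if code == "230":
                findings[sid].append("login accepted without USER")
            elif code == "530":
                failures[sid] += 1
                if failures[sid] == max_failures:
                    findings[sid].append("repeated PASS guesses without USER")
    return dict(findings)

if __name__ == "__main__":
    print(find_userless_logins(SAMPLE))
```

Session s1 follows the normal USER then PASS sequence and is not reported; s3 stays below the failure threshold.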
ADDITIONAL INFORMATION
The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.