[NT] Webserver 4D Weak Password Preservation Vulnerability
From: support@securiteam.com Date: 09/26/02
From: support@securiteam.com To: list@securiteam.com Date: Thu, 26 Sep 2002 11:41:40 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Webserver 4D Weak Password Preservation Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.mdg.com/> Webserver 4D by MDG Computer Services, Inc. is a
complete Web Server environment written entirely on top of 4th Dimension,
a very powerful relational database for Macintosh and Windows NT. Running
on top of a database means your server can detect if someone is a new user,
how many times a page has been accessed and much more.
Web Server 4D currently has three optional modules that are built-in to
every copy of Web Server 4D.
A vulnerability in the way the product stores its passwords has been
found, allowing a local attacker (or a user with file access) to read the
passwords used by the product.
DETAILS
Vulnerable systems:
* Webserver 4D version 3.6
The WS4D web server stores its passwords insecurely. The WS4D data file
"Ws4d.4DD" (C:\Program Files\MDG\Web Server 4D 3.6.0\Ws4d.4DD) can be
opened in any text editor, and the usernames and passwords can be read in
clear text.
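The advisory's finding is that the credential records on disk contain the passwords verbatim, so anyone who can read the data file holds them. The following added example (not code from the advisory or from MDG; the user names, passwords and record format are constructed for illustration) contrasts that storage pattern with the usual fix, storing a salted PBKDF2 hash and verifying against it, and includes the audit check a reviewer would run: does the serialized file still contain the password string?

```python
import hashlib
import hmac
import json
import os

# Constructed sample credentials; not values from the advisory.
SAMPLE_USERS = {"storeadmin": "s3cret!", "webmaster": "hunter2"}

PBKDF2_ITERATIONS = 200_000


def save_cleartext(users):
    """The weak pattern the advisory describes: the on-disk record carries the
    password itself, so reading the file is enough to recover it."""
    return json.dumps(users)


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt per user means equal
    passwords do not produce equal records."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def save_hashed(users):
    """Hardened form: only the verifier string is written, never the password."""
    return json.dumps({name: hash_password(pw) for name, pw in users.items()})


def verify_password(stored, candidate):
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def verify_from_file(file_contents, name, candidate):
    """Authenticate a user against the hashed file; unknown users fail."""
    records = json.loads(file_contents)
    if name not in records:
        return False
    return verify_password(records[name], candidate)


def file_exposes_password(file_contents, password):
    """Audit check: is the password recoverable from the file by reading it?"""
    return password in file_contents


if __name__ == "__main__":
    print("cleartext file:", save_cleartext(SAMPLE_USERS))
    print("hashed file:   ", save_hashed(SAMPLE_USERS))
```

The audit check is deliberately simple: it is the same test the advisory applies by opening the data file in a text editor. A hashed record passes it because the file contains no recoverable password, while the verifier still accepts the right password and rejects a wrong one.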
The affected passwords and usernames, and the modules they belong to:
Storefronts Passwords (eCommerce Module):
StoreFronts is the area in WS4D/eCommerce that identifies each storefront.
Credit card processing, shipping information, address, phone, passwords,
and other information are collected for each storefront.
WS4D Web Server Authentication Mechanism:
Web Server 4D supports basic HTTP authentication with realms, users and
groups. When security is activated for a realm, a dialog box is presented
to the client asking for a valid name and password. After a valid name and
password is entered, the requested page is displayed.
Console Password (Hide Menus):
The Hide Menus option hides all the WS4D menus until the Show Menus option
is selected. This feature is useful for co-located WS4D servers or if you
require additional security at the console for your server. Since all the
menus are hidden, all WS4D settings and databases are hidden/protected.
Database Administrator Password:
Web Server 4D has the ability to publish unlimited databases with ease.
WS4D introduces a new way to publish unlimited databases on the web, via
HTML. Setup of the database, specifying fields to use, which forms to use,
which fields are required are all defined in HTML hidden fields.
ADDITIONAL INFORMATION
The information has been provided by <mailto:ts@securityoffice.net> Tamer
Sahin.
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.