[NT] LocalWEB 2000 Insecure Password Storage

From: support@securiteam.com
Date: 12/20/02

  • Next message: support@securiteam.com: "[UNIX] Multiple Security Vulnerabilities in Common UNIX Printing System (CUPS)" 
    From: support@securiteam.com
To: list@securiteam.com
Date: 20 Dec 2002 01:15:35 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Beyond Security would like to welcome Tiscali World Online
    to our service provider team.
    For more info on their service offering IP-Secure,
    please visit http://www.worldonline.co.za/services/work_ip.asp
    - - - - - - - - -

      LocalWEB 2000 Insecure Password Storage
    ------------------------------------------------------------------------

    SUMMARY

    Philip Curnow's <http://www.intranet-server.co.uk/> LocalWEB2000 is an
    HTTP server for Microsoft Corp.'s Windows operating system. Due to
    inadequate security permissions and improper handling the product's stored
    passwords can be easily retrieved.

    DETAILS

    Vulnerable systems:
     * LocalWEB2000 Professional version 2.1.0

    Issuing a URL request such as http://localweb.http.server/users.lst to a
    vulnerable LocalWEB 2000 server can allow access to the plaintext password
    file stored within (this is the document root directory, i.e. C:\Program
    Files\LocalWEB\users.lst).

    Analysis:
    Access to the password file allows an attacker to potentially gain access
    to all protected virtual directories on an affected LocalWEB 2000 server.

    Workaround:
    Under LocalWEB's configuration settings, change the document root virtual
    directory to a less predictable folder.

    Vendor response:
    Curnow said he is unable to currently support the current release of
    LocalWEB 2000.

    Disclosure timeline:
    08/29/2002 Issue disclosed to iDEFENSE
    09/24/2002 Author notified (philip@curnow37.freeserve.co.uk)
    09/25/2002 Response from Author
    09/25/2002 iDEFENSE clients notified
    09/25/2002 - 12/10/2002 iDEFENSE and Author Communication
    12/16/2002 Public Disclosure

    ADDITIONAL INFORMATION

    The original advisory can be downloaded from:
     <http://www.idefense.com/advisory/12.16.02d.txt>
    http://www.idefense.com/advisory/12.16.02d.txt

    The information has been provided by <mailto:listserv@idefense.com>
    iDEFENSE Labs, the vulnerability was discovered by
    <mailto:ts@securityoffice.net> Tamer Sahin.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

    Relevant Pages