[VulnWatch] [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability

From: Tamer Sahin (ts@securityoffice.net)
Date: 09/25/02


Date: Wed, 25 Sep 2002 21:32:25 +0300
From: Tamer Sahin <ts@securityoffice.net>
To: vulnwatch@vulnwatch.org


-----BEGIN PGP SIGNED MESSAGE-----

- --[ Webserver 4D v3.6 Weak Password Preservation Vulnerability ]--

- --[ Type

Design Error

- --[ Release Date

September 25, 2002

- --[ Product / Vendor

Webserver 4D by MDG Computer Services, Inc. is a complete Web Server
environment written entirely on top of 4th Dimension, a very powerful relational
database for Macintosh and Windows NT. Running on top of a database means
your server can detect if someone is a new user, how many times a page has
been accessed and much more.

Web Server 4D currently has three optional modules that are built into every
copy of Web Server 4D.

The three modules are:

- - WS4D/eCommerce
- - WS4D/SSL
- - WS4D/Email-Search

http://www.mdg.com

- --[ Summary

WS4D webserver saves the passwords somewhere insecure. In WS4D, the "Ws4d.4DD"
file (C:\Program Files\MDG\Web Server 4D 3.6.0\Ws4d.4DD) can be opened in any
text editor, and the usernames and the passwords can be viewed in clear text.

The affected passwords and usernames, and the modules they belong to:

Storefronts Passwords (eCommerce Module):

StoreFronts is the area in WS4D/eCommerce that identifies each storefront. Credit card
processing, shipping information, address, phone, passwords and other information are
collected for each storefront.

WS4D Web Server Authentication Mechanism:

Web Server 4D supports basic HTTP Authentication, which supports realms, users and
groups. When security is activated for a realm, a dialog box will be presented to the client
asking for a valid name and password. After a valid name and password is entered, the
requested page will be displayed.
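The design error in the Summary is that the data file holds the password itself, so anyone who can read the file holds every credential. The following is an added example, not code from Web Server 4D or from the advisory author, showing the contrast for the HTTP Basic authentication mechanism just described: a per-realm credential store that keeps only a random salt and a PBKDF2-HMAC-SHA256 digest, a verifier that decodes the client's `Authorization: Basic` value and compares in constant time, and a small audit helper that checks whether the serialized store still exposes a password in clear. The store layout, the realm and user names, and the `make_plaintext_record` stand-in for the weak design are all constructed for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed example, not Web Server 4D code. A credential store keyed by
# (realm, username) that never stores the password itself.

PBKDF2_ITERATIONS = 100_000
_DUMMY_SALT = b"\x00" * 16  # used only to equalise timing for unknown users


def make_plaintext_record(username: str, password: str, realm: str) -> dict:
    """The weak design the advisory describes: the password is written out as-is."""
    return {"username": username, "realm": realm, "password": password}


def make_record(username: str, password: str, realm: str,
                iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Hardened record: only a random salt and a slow salted digest are stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"username": username, "realm": realm, "salt": salt.hex(),
            "iterations": iterations, "digest": digest.hex()}


def verify_record(record: dict, password: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def basic_header(username: str, password: str) -> str:
    """Build the Authorization value a browser sends after the realm's dialog box."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_authorization(header_value: str) -> Optional[Tuple[str, str]]:
    """Decode 'Basic <base64>' into (username, password); None if malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    # RFC 7617: the username cannot contain ':'; split on the first one only
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(store: Dict[Tuple[str, str], dict], realm: str,
                 header_value: Optional[str]) -> bool:
    """True only if the header names a user of this realm and the password verifies."""
    if header_value is None:
        return False  # the server would answer 401 with WWW-Authenticate: Basic realm=...
    creds = parse_basic_authorization(header_value)
    if creds is None:
        return False
    username, password = creds
    record = store.get((realm, username))
    if record is None:
        # Burn one PBKDF2 round so an unknown user costs the same as a bad password.
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _DUMMY_SALT, PBKDF2_ITERATIONS)
        return False
    return verify_record(record, password)


def credentials_visible_in_store(store: dict, password: str) -> bool:
    """Audit check: would someone reading the serialized store see this password?"""
    return password in repr(store)


def build_demo_store() -> Dict[Tuple[str, str], dict]:
    """Constructed realms/users mirroring the advisory's admin and storefront cases."""
    store = {}
    for realm, user, pw in [("admin", "webmaster", "s3cret-example"),
                            ("shop", "storefront1", "cc-pass-example")]:
        store[(realm, user)] = make_record(user, pw, realm)
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    print("valid login accepted:", authenticate(demo, "admin", basic_header("webmaster", "s3cret-example")))
    print("wrong realm rejected:", not authenticate(demo, "shop", basic_header("webmaster", "s3cret-example")))
    print("password readable in store:", credentials_visible_in_store(demo, "s3cret-example"))
```

The audit helper is the check a practitioner would run against an exported copy of their own credential store: with the plaintext design it returns True, with the salted-digest design it returns False even though the same file is readable in any text editor.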

Console Password (Hide Menus):

The Hide Menus option will hide all the WS4D menus until the Show Menus option is
selected. This feature is useful for co-located WS4D servers or if you require additional
security at the console for your server. Since all the menus are hidden, all WS4D settings
and databases will be hidden/protected.

Database Administrator Password:

Web Server 4D has the ability to publish unlimited databases with ease. WS4D introduces a
new way to publish unlimited databases on the web, via HTML. Setup of the database,
specifying fields to use, which forms to use, and which fields are required are all defined in HTML
hidden fields.

- --[ Tested

Webserver 4D 3.6 / Windows 2000 sp3

- --[ Vulnerable

Webserver 4D 3.6 / Windows 2000 sp3

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the
information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback@securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided that
such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBPZIBOvpL5ibJRTtBAQFR1wf/YdSVx5QNs0si9Xl863a7RoaHeH+evY3x
2HC906ddMPV5F27ZzlV/bg0Go37VSThOFBKS1yHcGZiiIpP+STg2/aae6TD/Vu8+
/4atw1tyl4oPBQYzr3hMr0eT/LNQkpPp6CkyptrwbYdsE5lqw8E2m1+hq3swa++Z
dH0YqaD/dQnYaS3Odddx2U6OVOj3zRvC1037/pvXJ4yzEce6r4Y7nNel2BJZxWgl
NW4BeLPpCIIfN7HenzcV/LMa2CBn8T3STuTgXKqq0JjjO8SAA4lwo2a9LuodPA3s
80/TY0N+aqAGNzRqwn9GH5cfqKtIqSy7dlqhD0TyvDpx3yrNhA3iJw==
=megQ
-----END PGP SIGNATURE-----
