| VID |
16123 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The Ariel FTP server is running with a known username and password set. Ariel is a document transmission system mostly used in the academic world. Ariel FTP server could be accessed with a known username and password. By connecting as the user 'document' (or 'ariel4') and with a hex encoded password based on the IP address of the host the user is connecting from, a remote attacker could log into the affected host and use its storage space.
* References:
http://www4.infotrieve.com/products_services/ariel.asp
* Platforms Affected:
infotrieve.com, Ariel FTP server Any version |
| Recommendation |
If it is possible, change the password for a known username to something difficult to guess, or restrict access to trusted IP addresses only. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
