| VID |
21004 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The remote web server appears to be running with Frontpage extensions and lets the file 'administrators.pwd' to be downloaded by everyone. administrators.pwd contains the list of users and passwords for the FrontPage web and the file is used on Netscape servers.
The password files on Netscape servers only are:
/_vti_pvt/administrators.pwd for administrators
/_vti_pvt/authors.pwd for authors and administrators
/_vti_pvt/users.pwd for users, authors, and administrators
This files contains encrypted passwords which could be remotely retrieved by an attacker and cracked offline. If the passwords in this file are weak enough, or enough time is spent cracking them, the attacker could potentially obtain the cleartext password and use it to access resources on the server.
* See the following site for more information:
http://support.microsoft.com/support/frontpage/Q152306/default.asp
* References:
http://www.securityfocus.com/bid/1205
http://xforce.iss.net/xforce/xfdb/3390 |
| Recommendation |
1. If you do not require the functionality provided by FrontPage Server Extensions, remove all the files associated with FrontPage Server Extensions.
2. Make sure passwords chosen for FrontPage accounts are strong enough to subvert cracking attempts if the hashes are obtained by an attacker. Also, the permissions on the _vti_pvt directory and the *.pwd files therein should be modified to disallow remote attackers from retrieving them. This work-around may or may not adversely affect the normal operation of the FrontPage server.
3. Upgrade to the latest version with FrontPage Server extentions. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
