vqSoft vqServer Plaintext Password Vulnerability
BID:1068
Info
vqSoft vqServer Plaintext Password Vulnerability
| Bugtraq ID: | 1068 |
| Class: | Design Error |
| CVE: |
CVE-2000-0241 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 21 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Posted to Bugtraq on March 21, 2000 by Johan Nilsson <[email protected]>. |
| Vulnerable: |
vqSoft vqServer for Windows 1.9.55 vqSoft vqServer for Windows 1.9.9 |
| Not Vulnerable: | |
Discussion
vqSoft vqServer Plaintext Password Vulnerability
vqSoft vqServer stores its web server settings and passwords in plaintext format in the file server.cfg. If a remote or local user were to obtain read access to server.cfg, they would be able to seize control of the web server by connecting to the remote administration interface on port 9090 and supply the username and password acquired from server.cfg. server.cfg is normally located in the path \Program Files\vqserver\vq\server\cfg\.
vqSoft vqServer stores its web server settings and passwords in plaintext format in the file server.cfg. If a remote or local user were to obtain read access to server.cfg, they would be able to seize control of the web server by connecting to the remote administration interface on port 9090 and supply the username and password acquired from server.cfg. server.cfg is normally located in the path \Program Files\vqserver\vq\server\cfg\.
Exploit / POC
vqSoft vqServer Plaintext Password Vulnerability
No exploit is required for this vulnerability.
No exploit is required for this vulnerability.
Solution / Fix
vqSoft vqServer Plaintext Password Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
vqSoft vqServer Plaintext Password Vulnerability
References:
References:
- vqSoft vqServer Product Homepage (vqSoft)