Microsoft FrontPage Extensions .pwd File Permissions Vulnerability
BID:1205
Info
Microsoft FrontPage Extensions .pwd File Permissions Vulnerability
| Bugtraq ID: | 1205 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 26 1998 12:00AM |
| Updated: | Apr 26 1998 12:00AM |
| Credit: | Posted to BugTraq April 26, 1998 by chameleon <[email protected]> |
| Vulnerable: |
Microsoft FrontPage 98 Server Extensions for IIS Microsoft FrontPage 1.1 |
| Not Vulnerable: | |
Discussion
Microsoft FrontPage Extensions .pwd File Permissions Vulnerability
Unspecified versions of Frontpage extensions for unix have been reported to create a readable (and occasionally writable) file called "services.pwd" which contains encrypted password and account information. These appear to be created in various directories and have been reportedly found by "find / -name service.pwd -print". Additionally, it is reported that unspecified versions of Frontpage Extensions create a file "/_vti_pvt/administrators.pwd" which often has improper permissions set. This can be retrieved remotely via the URL "http://www.yourhost.com/_vti_pvt/administrators.pwd".
Version information and verification of these issues could not be obtained.
Unspecified versions of Frontpage extensions for unix have been reported to create a readable (and occasionally writable) file called "services.pwd" which contains encrypted password and account information. These appear to be created in various directories and have been reportedly found by "find / -name service.pwd -print". Additionally, it is reported that unspecified versions of Frontpage Extensions create a file "/_vti_pvt/administrators.pwd" which often has improper permissions set. This can be retrieved remotely via the URL "http://www.yourhost.com/_vti_pvt/administrators.pwd".
Version information and verification of these issues could not be obtained.
Exploit / POC
Microsoft FrontPage Extensions .pwd File Permissions Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft FrontPage Extensions .pwd File Permissions Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Microsoft FrontPage Extensions .pwd File Permissions Vulnerability
References:
References: