RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
BID:1367
Info
RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
| Bugtraq ID: | 1367 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 09 2000 12:00AM |
| Updated: | Jun 09 2000 12:00AM |
| Credit: | Posted to BugTraq on June 9th 2000 by arkth <[email protected]> |
| Vulnerable: |
Redhat Linux 6.2 sparc Redhat Linux 6.2 i386 Redhat Linux 6.2 alpha |
| Not Vulnerable: | |
Discussion
RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access log or by sniffing.
Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access log or by sniffing.
Exploit / POC
RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
---------[from /etc/httpd/logs/access_log]-----------
...
127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET
/piranha/secure/passwd.php3?try1=xxx&try2=xxx&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET
/piranha/secure/passwd.php3?try1=yyy&try2=yyy&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:20:58:50 +0200] "GET
/piranha/secure/passwd.php3?try1=arkth&try2=arkth&passwd=ACCEPT
HTTP/1.0" 200 3120
...
---------[from /etc/httpd/logs/access_log]-----------
...
127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET
/piranha/secure/passwd.php3?try1=xxx&try2=xxx&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET
/piranha/secure/passwd.php3?try1=yyy&try2=yyy&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:20:58:50 +0200] "GET
/piranha/secure/passwd.php3?try1=arkth&try2=arkth&passwd=ACCEPT
HTTP/1.0" 200 3120
...
Solution / Fix
RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
References:
References: