Netscape SuiteSpot Read/Writeable Admin Password Vulnerability
BID:1579
Info
Netscape SuiteSpot Read/Writeable Admin Password Vulnerability
| Bugtraq ID: | 1579 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 11 2000 12:00AM |
| Updated: | Jul 11 2000 12:00AM |
| Credit: | Announced in a Securax advisory on July 11, 2000. |
| Vulnerable: |
Netscape SuiteSpot 3.5 Standard Netscape SuiteSpot 3.5 Professional |
| Not Vulnerable: | |
Discussion
Netscape SuiteSpot Read/Writeable Admin Password Vulnerability
Netscape's SuiteSpot server includes a web administration package. The username and encrypted password for the Administrator account is kept in a world-readable file at (webroot)/admin-serv/config/admpw. In addition, the file is installed by default with write permissions for all local users.
Netscape's SuiteSpot server includes a web administration package. The username and encrypted password for the Administrator account is kept in a world-readable file at (webroot)/admin-serv/config/admpw. In addition, the file is installed by default with write permissions for all local users.