Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
BID:1771
Info
Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
| Bugtraq ID: | 1771 |
| Class: | Design Error |
| CVE: |
CVE-2000-0954 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 09 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Posted to Bugtraq on October 9, 2000 by zillion <[email protected]>. |
| Vulnerable: |
Evolvable Shambala Server 4.5 |
| Not Vulnerable: | |
Discussion
Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
Shambala Server is a FTP, Web, and Chat server targeted for the Small Office/Home Office user.
Shambala Server stores all of its passwords in plaintext in the following default location:
C:\Program Files\Shambala\passwords.txt
These passwords could be used to gain full control over Shambala Server and possibly other services if the passwords have been reused.
Shambala Server is a FTP, Web, and Chat server targeted for the Small Office/Home Office user.
Shambala Server stores all of its passwords in plaintext in the following default location:
C:\Program Files\Shambala\passwords.txt
These passwords could be used to gain full control over Shambala Server and possibly other services if the passwords have been reused.
Exploit / POC
Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
See discussion.
See discussion.
Solution / Fix
Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
Solution:
Evolvable Corporation will be addressing this vulnerability in the upcoming release of Shambala Server.
Solution:
Evolvable Corporation will be addressing this vulnerability in the upcoming release of Shambala Server.
References
Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
References:
References:
- Shambala Server Product Homepage (Evolvable Corporation)