iPlanet CMS/Netscape Directory Server Plaintext Administrative Password Vulnerability

Bugtraq ID:	1852
Class:	Design Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Oct 25 2000 12:00AM
Updated:	Oct 25 2000 12:00AM
Credit:	Posted to Bugtraq by CORE-SDI <[email protected]> on October 26, 2000.
Vulnerable:	Netscape Directory Server 4.12 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 iPlanet E-Commerce Solutions iPlanet Certificate Management System 4.2 for Windows NT 4.0 - Microsoft Windows NT 4.0
Not Vulnerable:

iPlanet CMS/Netscape Directory Server Plaintext Administrative Password Vulnerability

Both iPlanet Certificate Management System (CMS) and Netscape Directory Server store its administrative password in plaintext under \admin-serv\config\adm.conf. Successful retrieval of the password would yield administrative control over the application. The password may be acquired by utilizing the techniques described in "iPlanet CMS/Netscape Directory Server Directory Traversal Vulnerability" (http://www.securityfocus.com/bid/1839).

iPlanet CMS/Netscape Directory Server Plaintext Administrative Password Vulnerability

See discussion.

iPlanet CMS/Netscape Directory Server Plaintext Administrative Password Vulnerability

Solution:
Patches for both iPlanet Certificate Management System and Netscape Directory Server can be found at the following location:

http://www.iplanet.com/downloads/patches/index.html

iPlanet CMS/Netscape Directory Server Plaintext Administrative Password Vulnerability

References:

• iPlanet CMS/Netscape Directory Server Directory Traversal Vulnerability (SecurityFocus)