FTP GLIDE Discloses Passwords to Local Users
SecurityTracker Alert ID: 1010776
SecurityTracker URL: http://securitytracker.com/id?1010776
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 26 2004
Impact: Disclosure of authentication information
Exploit Included: Yes
Advisory: Global Security Solution IT (GSSIT)
Version(s): 2.43
Description: Ziv Kamir of Global Security Solution IT reported a vulnerability in the FTP GLIDE client software. A local user can view passwords.
It is reported that the FTP GLIDE client stores usernames and passwords in clear text in the following file:
\Program Files\FTPGlide\[Profile Name].ftp
A local user can view the passwords in the file.
The vendor was reportedly notified on July 21, 2004.
Impact: A local user can view passwords used by users of the FTP GLIDE client.
Solution: No solution was available at the time of this entry.
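An administrator-side check for the exposure described above, as an added example that is not part of the SecurityTracker entry or the GSSIT advisory. It assumes the default install directory under %ProgramFiles%; the function name Get-FtpGlideProfileExposure is hypothetical.

```powershell
# Added example (not from the advisory): list which principals can read
# FTP GLIDE profile files. It inspects ACLs only and never opens the files.
# Assumption: default install directory; pass -InstallDir if it differs.
function Get-FtpGlideProfileExposure {
    [CmdletBinding()]
    param(
        [string]$InstallDir = (Join-Path $env:ProgramFiles 'FTPGlide')
    )

    if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
        Write-Verbose "No FTP GLIDE directory at $InstallDir"
        return
    }

    # Well-known SIDs that cover every local user on the machine.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $sidType  = [System.Security.Principal.SecurityIdentifier]

    Get-ChildItem -LiteralPath $InstallDir -Filter '*.ftp' -File | ForEach-Object {
        $file = $_
        $acl  = Get-Acl -LiteralPath $file.FullName
        # Explicit and inherited ACEs, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $allows  = $ace.AccessControlType -eq 'Allow'
            $canRead = ([int]$ace.FileSystemRights -band $readData) -ne 0
            if (-not ($allows -and $canRead)) { continue }
            $sid = $ace.IdentityReference.Value
            [pscustomobject]@{
                File      = $file.FullName
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Broad     = $broadSids.ContainsKey($sid)  # covers all local users
            }
        }
    }
}

# Profiles readable by every local account are the ones at risk.
Get-FtpGlideProfileExposure | Where-Object Broad | Format-Table -AutoSize
```

The output reflects Allow entries that grant ReadData only; it does not evaluate Deny entries or compute effective access.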
Vendor URL: www.ftpglide.com/
Cause: Access control error
Underlying OS: Windows (Any)
Reported By: GSS IT <gss_it@yahoo.com>
Message History:
None.
Source Message Contents
Date: Mon, 26 Jul 2004 06:23:55 -0700 (PDT)
From: GSS IT <gss_it@yahoo.com>
Subject: FTP Glide
26/07/04
====================================
GSSIT - Global Security Solution IT
====================================
-------------------------------------------------------
Application: FTP GLIDE
Web Site: http://www.ftpglide.com
Versions: 2.43
Platform: Windows
Bug: Clear Text Passwords.
Credits:
########
#########################################
# == Ziv Kamir == #
# #
# GSSIT - Global Security Solution IT #
# #
# Email : gss_it@yahoo.com #
# #
# #
#########################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
FTP GLIDE is a Full-Featured FTP (File Transfer Protocol) Client Software.
FTP GLIDE can be used to connect to an FTP server and transfer files from or to the server.
======
2) Bug
======
FTP GLIDE stores usernames and passwords in clear text under:
\Program Files\FTPGlide\[Profile Name].ftp
===========
3) The Code
===========
There is no exploit code required to take advantage of this vulnerability.
===========
4) The Fix
===========
Date of Vendor Notification:
21-07-04
Status:
24-07-04
Thank you for your assistance
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================