acFTP Server Authentication Flaw May Give Remote Users Access Without Requiring Valid Authentication
|
|
SecurityTracker Alert ID: 1005689 |
|
SecurityTracker URL: http://securitytracker.com/id/1005689
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 24 2002
|
Impact:
User access via network
|
Exploit Included: Yes
|
|
Description:
A vulnerability was reported in the acFTP FTP server for Windows-based systems. A remote user can gain access to the server without providing a valid password.
It is reported that there is a flaw in the authentication process. A remote user can supply an incorrect password that will be rejected by the system. After that point, all of the user's actions that are logged by the system will be logged with the supplied user name.
|
Impact:
A remote user may be able to gain access to the system without supplying a valid password.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: sourceforge.net/projects/acftp (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 23 Nov 2002 19:58:27 -0600
Subject: [Full-Disclosure] acFTP Authentication Issue
|
acFTP is an open-source FTP daemon for Windows platforms
(http://www.sourceforge.net/projects/acftp) that offers more functionality
than many proprietary servers (including the MS FTP service). The
authentication code of acFTP contains a flaw -- specifically, the server
treats users as logged in without a valid password. This results in
mis-representation of server activity in log files, and possibly privilege
elevation.
For example:
USER private
PASS #
This leads it to reject my password, but I can not log in with another set
of credentials, and my log activity appears as "private" instead of the
appropriate "-" or "***".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
