Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1166 |
Message | WEB-MISC ws_ftp.ini access |
Summary | This event is generated when an attempt is made to download the file ws_ftp.ini via a web request. |
Impact | Serious. Information Disclosure. |
Detailed Information | When a user of WS_FTP chooses "save password" when connecting to an FTP server, the password is stored in the file ws_ftp.ini which may be accessible via a web server. The stored passwords use a weak encryption scheme that is easy broken. |
Affected Systems | |
Attack Scenarios | An attacker might be able to retrieve the file, use one of the widely available password cracking tools and gain valid login information to the server. |
Ease of Attack | Simple. |
Corrective Action | Check the host for signs of compromise. Change all passwords used on the host. Disallow the use of ftp on the server, consider the use of scp to transfer files. |
Additional References | |
Rule References | bugtraq: 547 cve: 1999-1078 |
--
DID:496417
--
http://www.aanval.com/