Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1103 |
Message | WEB-MISC Netscape admin passwd |
Summary | This event is generated when a client is requesting a file that may contain an administrator name and password. |
Impact | An attacker may be able to gain administrator access to your web server. |
Detailed Information | Some versions of Netscape Enterprise Server put a world readable text file containing the administrator user name and encrypted password in a standard location within the URI space. By acessing this, an attacker may be able to brute force guess or even decrypt the password. |
Affected Systems | Netscape Enterprise/3.6 SP3 Netscape Fasttrack/3.0.2 Netscape Messaging Server/3.6 Netscape Messaging Server/4.15p2 Netscape Collabra Server/3.54 |
Attack Scenarios | This is an information gathering operation that could allow an attacker to execute a brute force password guessing attack. |
Ease of Attack | Moderate. The file is easy enough to get access to, but the password is still encrypted. |
Corrective Action | Set appropriate permissions on this file or upgrade your web server software. |
Additional References | Secureiteam http://www.securiteam.com/securitynews/5OR040A1UG.html |
Rule References | bugtraq: 1579 nessus: 10468 |
--
DID:133838
--
http://www.aanval.com/