Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability

2001-07-25T00:00:00
ID EDB-ID:21027
Type exploitdb
Reporter 3APA3A
Modified 2001-07-25T00:00:00

Description

Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability. CVE-2001-1106. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/3095/info

Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.

Sambar Server provides insecure default protection for user passwords.

The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted.

Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/21027.zip