BlackMoon FTP Login Error Message User Enumeration
2003-05-27T00:00:00
ID BLACKMOON_FTP_USERS_ENUM.NASL Type nessus Reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-03-02T00:00:00
Description
The version of BlackMoon FTP running on the remote host issues a
special error message when a user attempts to log in using a
nonexistent account.
An attacker may use this flaw to make a list of valid accounts,
which can be used to mount further attacks.
#
# (C) Tenable Network Security, Inc.
#
# ref: https://marc.info/?l=bugtraq&m=105353283720837&w=2
#
include("compat.inc");
if (description)
{
  # Plugin identity and the advisories this check maps to.
  script_id(11648);
  script_cve_id("CVE-2003-0343");
  script_bugtraq_id(7647);
  script_xref(name:"Secunia", value:"8840");
  script_version("1.20");

  script_name(english:"BlackMoon FTP Login Error Message User Enumeration");
  script_summary(english:"Checks for the ftp login error message");

  # Report text shown to the operator.
  script_set_attribute(attribute:"synopsis", value:"The remote FTP server has a user enumeration vulnerability.");
  # The description literal spans several lines; its continuation lines stay
  # at column 0 so the reported text is not altered by indentation.
  script_set_attribute(attribute:"description", value:
"The version of BlackMoon FTP running on the remote host issues a
special error message when a user attempts to log in using a
nonexistent account.
An attacker may use this flaw to make a list of valid accounts,
which can be used to mount further attacks.");
  script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=105353283720837&w=2");
  script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of BlackMoon FTP.");

  # Scoring: network-reachable, no authentication, partial/low confidentiality
  # impact only.
  # NOTE(review): the NVD record for CVE-2003-0343 carries a local vector
  # (AV:L/AC:L/Au:N/C:P/I:P/A:P, 4.6); the vectors below instead treat the
  # issue as an unauthenticated network information leak, which is what the
  # probe in this script exercises. Use these when triaging the finding.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  # Exploitability and date metadata.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/27");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/20");
  script_cvs_date("Date: 2018/11/15 20:50:22");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling: an information-gathering FTP check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"FTP");
  script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ftpserver_detect_type_nd_version.nasl", "logins.nasl", "smtp_settings.nasl");
  # Excluded when the scan policy sets "supplied logins only": the probe
  # submits a login for an account the operator did not supply.
  script_exclude_keys("global_settings/supplied_logins_only");
  script_require_ports("Services/ftp", 21);

  # Registration pass ends here; the probe code after this block is not
  # reached while the plugin is only being described.
  exit(0);
}
#
# The script code starts here :
#
include("audit.inc");
include("ftp_func.inc");
include("global_settings.inc");
# Skip the check when the scan is limited to operator-supplied credentials:
# the probe below submits a login for a made-up account, which counts as a
# login attempt on the target.
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

port = get_ftp_port(default: 21);

sock = open_sock_tcp(port);
if (!sock) exit(1, "Cannot connect to TCP port "+port+".");

# Read the server greeting before sending any command.
ftp_debug(str:"custom banner");
greeting = ftp_recv_line(socket:sock);
if (!greeting) exit(1, "Cannot read FTP banner from port "+port+".");

# The account name gets two random suffixes so that it almost certainly
# does not exist on the server.
probe_user = 'nessus' + rand() + rand();
send(socket:sock, data:('USER ' + probe_user + '\r\n'));
reply = recv_line(socket:sock, length:4096);
if (!reply) exit(0);

# Only the first line of the reply to PASS is examined; the reply to USER
# above is read to keep the dialogue in step and is then overwritten.
send(socket:sock, data:('PASS whatever\r\n'));
reply = recv_line(socket:sock, length:4096);
if (!reply) exit(0);
close(sock);

# A reply naming the account as nonexistent is the enumeration oracle:
# clients can tell "no such user" apart from "wrong password".
# NOTE(review): the match is on this exact string in the PASS reply only, so
# a build that words the message differently, or rejects the name at the
# USER step, would presumably not be flagged -- confirm against the advisory.
# A server that answers unknown accounts and bad passwords with the same
# message does not trigger this finding.
if ("530-Account does not exist" >< reply) security_warning(port);
{"id": "BLACKMOON_FTP_USERS_ENUM.NASL", "bulletinFamily": "scanner", "title": "BlackMoon FTP Login Error Message User Enumeration", "description": "The version of BlackMoon FTP running on the remote host issues a\nspecial error message when a user attempts to log in using a\nnonexistent account.\n\nAn attacker may use this flaw to make a list of valid accounts,\nwhich can be used to mount further attacks.", "published": "2003-05-27T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/11648", "reporter": "This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://marc.info/?l=bugtraq&m=105353283720837&w=2"], "cvelist": ["CVE-2003-0343"], "type": "nessus", "lastseen": "2021-03-01T01:25:28", "edition": 26, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0343"]}, {"type": "osvdb", "idList": ["OSVDB:12079"]}], "modified": "2021-03-01T01:25:28", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-03-01T01:25:28", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# ref: https://marc.info/?l=bugtraq&m=105353283720837&w=2\n#\n\n\ninclude(\"compat.inc\");\n\n\nif(description)\n{\n script_id(11648);\n script_cve_id(\"CVE-2003-0343\");\n script_bugtraq_id(7647);\n script_xref(name:\"Secunia\", value:\"8840\");\n script_version (\"1.20\");\n \n script_name(english:\"BlackMoon FTP Login Error Message User Enumeration\");\n script_summary(english:\"Checks for the ftp login error message\");\n\t \n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FTP server has a user enumeration vulnerability.\"\n );\n script_set_attribute( attribute:\"description\", value:\n\"The version of BlackMoon FTP running on the remote host issues a\nspecial error message when a user attempts to log in using 
a\nnonexistent account.\n\nAn attacker may use this flaw to make a list of valid accounts,\nwhich can be used to mount further attacks.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=105353283720837&w=2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to the latest version of BlackMoon FTP.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/05/20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\", \"logins.nasl\", \"smtp_settings.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ftp\", 21);\n exit(0);\n}\n\n#\n# The script code starts here : \n#\n\ninclude(\"audit.inc\");\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nport = get_ftp_port(default: 21);\n\nsoc = open_sock_tcp(port);\nif (! 
soc) exit(1, \"Cannot connect to TCP port \"+port+\".\");\n\n ftp_debug(str:\"custom banner\");\n banner = ftp_recv_line(socket:soc);\n if (!banner) exit(1, \"Cannot read FTP banner from port \"+port+\".\");\n send(socket:soc, data:('USER nessus' + rand() + rand() + '\\r\\n'));\n r = recv_line(socket:soc, length:4096);\n if(!r)exit(0);\n \n send(socket:soc, data:('PASS whatever\\r\\n'));\n r = recv_line(socket:soc, length:4096);\n if(!r) exit(0);\n close(soc);\n if(\"530-Account does not exist\" >< r) security_warning(port);\n\n", "naslFamily": "FTP", "pluginID": "11648", "cpe": [], "scheme": null, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}
{"cve": [{"lastseen": "2021-02-02T05:22:09", "description": "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.", "edition": 4, "cvss3": {}, "published": "2003-05-21T04:00:00", "title": "CVE-2003-0343", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0343"], "modified": "2016-10-18T02:32:00", "cpe": ["cpe:/a:selom_ofori:blackmoon_ftp_server:2.6"], "id": "CVE-2003-0343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0343", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "cvelist": ["CVE-2003-0343"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 12046\n[CVE-2003-0343](https://vulners.com/cve/CVE-2003-0343)\nBugtraq ID: 7647\n", "modified": "2003-05-20T00:00:00", "published": "2003-05-20T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12079", "id": "OSVDB:12079", "type": "osvdb", "title": "BlackMoon FTP Server Login Error Message Acount Existance Disclosure", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}