Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.WFTP.NASL
HistoryJun 22, 1999 - 12:00 a.m.

WFTP Unpassworded Guest Account

1999-06-2200:00:00
This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
www.tenable.com
33
JSON

The remote FTP server accepts any user/password combination. This can allow remote attackers to access the FTP account, which can lead to information disclosure and uploads of arbitrary files on the remote host.

#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

if (description)
{
  script_id(10305);
  script_version("1.31");
  script_cvs_date("Date: 2018/08/15 16:35:43");

  script_cve_id("CVE-1999-0200");
  script_bugtraq_id(80910);

  script_name(english:"WFTP Unpassworded Guest Account");
  script_summary(english:"Checks if any account can access the FTP server.");

  script_set_attribute(attribute:'synopsis', value:
"The remote FTP service allows access without authentication through a
guest account.");
  script_set_attribute(attribute:'description', value:
"The remote FTP server accepts any user/password combination. This can
allow remote attackers to access the FTP account, which can lead to
information disclosure and uploads of arbitrary files on the remote
host.");
  script_set_attribute(attribute:'solution', value:
"Upgrade to a supported version of Windows or disable the FTP server.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"vuln_publication_date", value:"1999/01/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22");

  script_set_attribute(attribute:"default_account", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FTP");

  script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");

  script_dependencie("DDI_FTP_Any_User_Login.nasl", "ftpserver_detect_type_nd_version.nasl");
  script_require_ports("Services/ftp", 21);
  script_exclude_keys("global_settings/supplied_logins_only");

  exit(0);
}

#
# The script code starts here
#
include("audit.inc");
include("global_settings.inc");
include('ftp_func.inc');
include('misc_func.inc');

port = get_ftp_port(default:21);
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

if (get_kb_item('ftp/'+port+'/AnyUser'))
  audit(AUDIT_FTP_RANDOM_USER, port);

soc = open_sock_tcp(port);
if (!soc)  audit(AUDIT_SOCK_FAIL, port);

user = rand_str(length:8);
pass = rand_str(length:8);

if (ftp_authenticate(socket:soc, user:user, pass:pass))
{
  if (report_verbosity > 0)
  {
    report =
      '\n' +
      'Nessus was able to gain access using the following information :\n' +
      '\n' +
      '  User     : ' + user + '\n' +
      '  Password : ' + pass + '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "FTP", port);

Related

cve 1
cve
cve
CVE-1999-0200
1999-01-01 05:00:00
JSON
Related for WFTP.NASL
cve1