Meteor FTP Logon.lgn Password Disclosure

2003-08-11T13:02:01
ID OSVDB:2130
Type osvdb
Reporter OSVDB
Modified 2003-08-11T13:02:01

Description

Vulnerability Description

A vulnerability has been identified in Meteor FTP allowing malicious local users to see usernames and passwords if they can obtain a copy of the password file.

Technical Description

Usernames and passwords for the server are stored in a file called Logon.lgn, where the passwords are "scrambled". However, if the file is copied to another Meteor FTP installation and opened there, the passwords are displayed in plaintext when the account entries are edited.
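The difference between a reversible "scrambled" store and a verify-only store, as an added example that is not Meteor FTP code. The XOR routine, FIXED_KEY, the iteration count and all function names are assumptions standing in for the product's undisclosed algorithm.

```python
import hashlib
import hmac
import os

# Constructed stand-in: a product-wide key shipped in every installation.
# The real Meteor FTP scrambling algorithm is not described in this entry.
FIXED_KEY = b"same-in-every-install"
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def _xor(data: bytes) -> bytes:
    return bytes(b ^ FIXED_KEY[i % len(FIXED_KEY)] for i, b in enumerate(data))


def scramble(password: str) -> bytes:
    """Reversible obfuscation: no per-installation or per-user secret."""
    return _xor(password.encode())


def unscramble(blob: bytes) -> str:
    """Any copy of the software can run this on a copied password file."""
    return _xor(blob).decode()


def hash_password(password: str) -> dict:
    """Verify-only record: random salt plus a slow one-way derivation."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify_password(record: dict, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])


def copied_file_exposure(password: str) -> dict:
    """What a second installation learns from a copied credential file."""
    record = hash_password(password)
    return {
        "scrambled_store_yields": unscramble(scramble(password)),
        "hashed_store_contains_password":
            password.encode() in record["salt"] + record["digest"],
    }


if __name__ == "__main__":
    print(copied_file_exposure("s3cret-Pa55"))  # constructed sample password
```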

Solution Description

A solution to the issue is currently unavailable; however, a workaround is to not allow untrusted users access to the system running Meteor FTP.

Short Description

A vulnerability has been identified in Meteor FTP allowing malicious local users to see usernames and passwords if they can obtain a copy of the password file.

Manual Testing Notes

Locally obtain Logon.lgn and copy it to another Meteor FTP installation. Access the Server -> Accounts menu, select a user and modify the entry. The user's password will then be displayed.

References:

Secunia Advisory ID: 9513
ISS X-Force ID: 12871
Generic Informational URL: http://www.secunia.com/advisories/9513/
Generic Informational URL: http://www.securitytracker.com/alerts/2003/Aug/1007468.html