Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ntop.advisory.txt

🗓️ 02 Aug 2000 00:00:00Reported by Cho Kyong-wonType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

ntop web mode vulnerability allows unauthorized access to traffic information and files.

Code
`================================================================================  
  
[ Hackerslab bug_paper ] ntop web mode vulnerabliity  
  
================================================================================  
  
  
  
Command : /sbin/ntop -w <port>  
  
  
SYSTEM : N/A  
  
  
INFO :  
  
ntop - display top network users   
  
  
-w  
Starts ntop  
in web mode. Users can attach their web  
browsers to the specified port and browse traffic infor­  
mation remotely. Supposing to start ntop  
at the port 3000  
(ntop -w 3000), the URL to access is http://host­  
name:3000/. The file ~/.ntop specifies the HTTP  
user/password of those people who are allowed to access  
ntop. If the ~/.ntop file is missing no security will be  
used hence everyone can access traffic information. A  
simple .ntop file is the following: # # .ntop File format  
# # user<tab>/<space>pw # # luca linux Please note  
that an HTTP server is NOT needed in order to use the  
program in interactive mode.* 'bdf' program has SUID permission.  
  
  
If use 'ntop' in web mode, it's web root is "/etc/ntop/html".  
  
It's web mode is not check URL path.  
  
So if URL is "http://URL:port/../../shadow", remote user will read all file.  
  
"everyone can access traffic information" !!!  
  
If ntop use for public, anyone read all files.  
  
==-------------------------------------------------------------------------------==  
*********  
* ** ** *  
* ** ** *  
* ******* *  
* ** ** * [email protected]  
* ** ** * [ http://www.hackerslab.org ]  
********* HACKERSLAB (C) since 2000  
==-------------------------------------------------------------------------------==  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Aug 2000 00:00Current
7.4High risk
Vulners AI Score7.4
ntop vulnerability web access unauthorized user data exposure security issue
25