
iXsecurity.20001107.compaq-wbm.a

Date: 14 Nov 2000 | Reported by: Ian Vitek | Type: packetstorm | Source: packetstormsecurity.com

A vulnerability in Compaq Web-Based Management on Netware exposes sensitive system files; the recommended workaround is to disable the Web Agent.

Code
`iXsecurity Security Vulnerability Report  
No: iXsecurity.20001107.compaq-wbm.a  
====================================  
  
Vulnerability Summary  
---------------------  
  
Problem: The default installation of Compaq Web-Based  
Management on a Netware server reveals  
sensitive system files  
  
Threat: Anyone that has access to port 2301 on a  
Netware server can read the system  
password (Remote Console password)  
  
Platform: Compaq Web-Based Management on Netware  
(Software version 2.28 verified)  
  
Solution: Disable the Web Agent  
  
Vulnerability Description  
-------------------------  
http://netware.server.with.CWBM:2301/survey is  
accessible for everyone by default and contains  
sensitive system files:  
SYS:\SYSTEM\AUTOEXEC.NCF  
SYS:\ETC\NETINFO.CFG.  
The system password (Remote Console password)  
and other passwords (SNMP ControlCommunity)  
may be in clear text in any of these files.  
  
Solution  
--------  
Compaq recommend that you disable the web agent  
until a resolution has been provided.  
  
Additional Information  
----------------------  
Many administrators install Compaq Web-Based Management  
by default when they are installing Netware on a Compaq  
machine. Web-Based Management listens on port 2301 and  
anonymous access is allowed by default. iXsecurity have  
to point out that none of our customers have changed  
any Compaq user password until the first audit report  
arrived.  
Some Compaq installations have ports 49400 and 49401 open  
too. These ports are not verified.  
  
Vendor response  
---------------  
Mr. Vitek,  
  
This is a known issue with an advisory available on the Compaq website as  
indicated below:  
  
http://www5.compaq.com/products/servers/management/security.html  
  
Until a resolution has been provided, it would be recommended that you  
disable the web agents as indicated in that advisory.  
  
Thank You,  
Compaq eServices  
TRACKING NUMBER: A00000367277-00001144068  
---------------  
  
//Ian Vitek  
mailto:[email protected]  
  
-------------------------------  
iXsecurity (former Infosec) is a Swedish and United  
Kingdom based tigerteam that have worked with computer-  
related security since 1982 and done technical security  
audits (pentests) since 1996. iXsecurity is now searching  
for co-workers in Sweden and UK.  
Call Stafferod for more information  
tel: +46-8-6621070  
mailto:[email protected]  
`
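
An added example, not part of the iXsecurity report or of any Compaq tooling: a small Python audit that checks copies of the two files named in the advisory for the cleartext secrets it mentions, so an administrator knows which credentials were readable and need rotating. The `LOAD REMOTE <password>` syntax, the `-E` encrypted form, the `ControlCommunity=` parameter and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumed NetWare syntax (not stated in the advisory):
#   LOAD REMOTE <password>     cleartext Remote Console password
#   LOAD REMOTE -E <hash>      encrypted form, not reported
#   ... ControlCommunity=<s>   SNMP read/write community string
REMOTE_RE = re.compile(r'\bLOAD\s+(?:\S*[\\/:])?REMOTE(?:\.NLM)?\s+(\S+)', re.I)
COMMUNITY_RE = re.compile(r'\bControlCommunity\s*=\s*("[^"]*"|\S+)', re.I)

# Constructed sample contents, standing in for copies of the real files.
SAMPLE_AUTOEXEC = """\
FILE SERVER NAME DEMO1
LOAD REMOTE Winter2000
LOAD RSPX
"""
SAMPLE_NETINFO = """\
LOAD SNMP ControlCommunity=rwdemo MonitorCommunity=public
"""


def redact(secret):
    """Keep only the first character so the report does not repeat the secret."""
    return secret[:1] + "*" * (len(secret) - 1)


def audit(filename, text):
    """Return (filename, line_no, kind, redacted_value) for each cleartext secret.

    Commented-out lines are scanned too: an old password left in a comment
    is just as readable to whoever can fetch the file.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = REMOTE_RE.search(line)
        if m and m.group(1).upper() != "-E":
            findings.append((filename, line_no, "remote-console-password",
                             redact(m.group(1))))
        for c in COMMUNITY_RE.finditer(line):
            findings.append((filename, line_no, "snmp-control-community",
                             redact(c.group(1).strip('"'))))
    return findings


if __name__ == "__main__":
    for name, text in (("AUTOEXEC.NCF", SAMPLE_AUTOEXEC),
                       ("NETINFO.CFG", SAMPLE_NETINFO)):
        for finding in audit(name, text):
            print("%s:%d %s %s" % finding)
```

Any finding means the secret should be treated as disclosed and changed once the Web Agent is disabled.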

Vulners AI Score: 7.4 (High risk)