YAK! 2.1.0 still vulnerable

2003-11-20T00:00:00
ID SECURITYVULNS:DOC:5427
Type securityvulns
Reporter Securityvulns
Modified 2003-11-20T00:00:00

Description

YAK! 2.1.0 still vulnerable

for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode.

vulnerability in the previous version was, they were using constant username and pass combination for ftp login.

2.1.0 version seems to overcome the constant pass problem. but still it is using constant username.

USER : y049575046

i tested with 2 pcs ... and got varing pass for each of them.

PASS : 24151.0y0495 ----> pc 1 PASS : 24251.0y0505 ----> pc 2

the passwords seem to maintain a special pattern still.

TO FIND PASSWORD

it's just as easy as sniffing with a sniffer.

personally i prefer ethereal.

set filter as the following :

src host 192.168.0.151 && (dst port 3535)

where the <src host> is ur own pc. now sending the victim any file will make ethereal capture the packets. decoding the packets as FTP will show the username / password combination in cleartext.