[23524] in bugtraq
Novell Groupwise servlet gateway default username and password
daemon@ATHENA.MIT.EDU (AGray@novacoast.com)
Mon Dec 17 14:34:59 2001
To: bugtraq@securityfocus.com
Message-ID: <OF25CEA9A1.F61AEAA4-ON88256B24.002668C9@novacoast.com>
From: AGray@novacoast.com
Date: Sat, 15 Dec 2001 23:14:08 -0800
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
OS Affected
NT/2000/Netware 5
Programs Affected
Groupwise 5.5 Enhancement Pack
Groupwise 6.0
Discussion
A default username and password exist that control the servlet manager.
The servlet manager allows the configuration of the servlets to be loaded,
reloaded or unloaded. This is more of an annoyance than an exploit. The
ability to control and unload servlets allows an attacker to deny web-based
services to users. This will prevent users from accessing mail or other
servlet-based resources.
Exploit
http://server/servlet/ServletManager
username servlet
password manager
Solution
Change the password:
Edit the SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES file.
There is a section for ServletManager like the following:
# ServletManager servlet
servlet.ServletManager.code=com.novell.application.ServletGateway.ServletManager
servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager,bgcolor
#c0c0c0
servlet.ServletManager.preload=true
Novell Support
http://support.novell.com/
Adam Gray
CTO
Novacoast, Inc.
agray@novacoast.com
800-949-9933x4145
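
A configuration check for the fix described in the Solution section, added here as an example and not part of the original advisory or of any Novell tooling: it parses the text of a SERVLET.PROPERTIES file and reports any ServletManager entry that still carries the default user=servlet / password=manager pair. The function names and both sample inputs are constructed for illustration, and the script assumes it is run against a copy of the file.

```python
import re

# Default credentials named in the advisory.
DEFAULT_USER, DEFAULT_PASSWORD = "servlet", "manager"

def parse_properties(text):
    """Parse .properties text into a dict, skipping comments and blank lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def parse_init_args(value):
    """Split an initArgs value of the form 'k=v,k=v' into a dict."""
    args = {}
    for item in value.split(","):
        key, sep, val = item.partition("=")
        if sep:
            args[key.strip()] = val.strip()
    return args

def audit_servlet_manager(text):
    """Return findings for servlets whose class is ServletManager."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        match = re.fullmatch(r"servlet\.(.+)\.initArgs", key)
        if not match:
            continue
        name = match.group(1)
        if not props.get(f"servlet.{name}.code", "").endswith(".ServletManager"):
            continue
        args = parse_init_args(value)
        if args.get("user") == DEFAULT_USER and args.get("password") == DEFAULT_PASSWORD:
            findings.append(f"{name}: default username/password still set")
        elif not args.get("password"):
            findings.append(f"{name}: no password set")
    return findings

# Constructed samples modelled on the section quoted in the advisory.
SAMPLE_DEFAULT = """# ServletManager servlet
servlet.ServletManager.code=com.novell.application.ServletGateway.ServletManager
servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager
servlet.ServletManager.preload=true
"""
SAMPLE_CHANGED = SAMPLE_DEFAULT.replace("password=manager", "password=Constructed-Example-Value")
```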