[23553] in bugtraq
FTPXQ default install read/write capabilities
daemon@ATHENA.MIT.EDU (Brice Carlson)
Wed Dec 19 02:19:50 2001
From: "Brice Carlson" <tuck167@hotmail.com>
To: bugtraq@securityfocus.com
Date: Tue, 18 Dec 2001 22:58:02 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F133mNTf86D3ReqdDBc0000723a@hotmail.com>
FTPXQ default install read/write capabilities
by Brice Carlson
****
System
****
ftpXQ by www.datawizard.net
****
Problem
****
Upon default setup. Through anonymous and through the user name and pass of
test you have read/write capabilities to drive c:
****
Vendor Notification Date.
****
December 4, 2001
****
Vendor Response to email.
****
Hi Brice, Yes, those IDs are configured by default to have access for the
C:\ drive for the purpose of an administrator testing the server. We assume
that every responsible administrator will run the server first in a test
environment, and not in a production setting, or on an IP that is exposed to
the internet. Administrators should obviously change the access for both of
these accounts and/or change the User IDs before putting it into a
production environment. As a result of your email however, we will change
the default access for the anonymous user to be read only, as well as post a
message at the end of the install noting the default access for the test
users. Sincerely, Rahim
Rahim Mawji Director,
Applications Development
DataWizard Technologies
Phone: (416) 385-9741, x1013
Fax: (416) 385-9784
rmawji@datawizard.net www.datawizard.net
---end vendor response
****
Enough Said!
****
-- Brice Carlson
-- tuck167@hotmail.com
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
