[25887] in bugtraq
Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password
daemon@ATHENA.MIT.EDU (ace)
Thu Jun 20 15:27:53 2002
Date: 20 Jun 2002 02:35:14 -0000
Message-ID: <20020620023514.5656.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: ace <ace@microsoft.ph>
To: bugtraq@securityfocus.com
Trippin Smurfs Security Team - 06/20/2002
http://www.t-smurfs.com/
[Securing by the masses, one box at a time.]
=============================
[~] Issue:
Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password Storage
===========
[~] Author:
ace | ace@microsoft.ph
===========
[~] Vulnerable:
Xitami Web Server (32-bit) 2.5b4 [http://www.imatix.com/]
===========
[~] Description:
Xitami is a multithreaded Web server. Though small and simple, Xitami is
robust enough to handle high-volume intranets.
Built from the ground up as a high-performance Web server engine, it pumps
data onto the network at top speed.
This means that it can serve large files quickly while handling many
simultaneous hits.
===========
[~] Bug:
Xitami web server suffers from poor password storage syndrome [ i know, i
made the name up ;) ].
===========
[~] Exploit:
Any local user could head out to C:\Xitami where the default installation
directory sits, and open "defaults.aut" a file name in the Xitami
directory.
This file has the administrators user/password saved in plain text!. Here
is what the file looks like:
----------------------------
# Created at installation time
#
[/Admin]
bob="lemonhead"
[Private]
Jacky=robusta
----------------------------
As you can see, no encryption at all is used and so technically this bug
is of "high severity".
===========
[~] Work Around:
Uninstall Xitami.
===========
[~] Vendor Status:
The Vendor has been contacted, still no reply on this issue, will update
this when vendor response is recieved.
============================
Trippin Smurfs - http://www.t-smurfs.com/
============================
