Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:FRONTPAGE:SERVICE.PWD-REQ |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Frontpage service.pwd File Request |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Frontpage service.pwd File Request
This signature detects attempts to access the Microsoft FrontPage extensions for UNIX .pwd file which contains sensitive account information.
Extended Description
Unspecified versions of Frontpage extensions for unix have been reported to create a readable (and occasionally writable) file called "services.pwd" which contains encrypted password and account information. These appear to be created in various directories and have been reportedly found by "find / -name service.pwd -print". Additionally, it is reported that unspecified versions of Frontpage Extensions create a file "/_vti_pvt/administrators.pwd" which often has improper permissions set. This can be retrieved remotely via the URL "http://www.yourhost.com/_vti_pvt/administrators.pwd". Version information and verification of these issues could not be obtained.
Affected Products
- Microsoft frontpage 1.1
- Microsoft frontpage_98_server_extensions_for_iis
References
- BugTraq: 1205
- URL: http://www.securityfocus.com/archive/1/9100