The default installation of Compaq Web-Based Management on a Netware server reveals sensitive system files. This means that anyone with access to port 2301 on a Netware server can read the system password (Remote Console password).
Credit:
The information has been provided by Ian Vitek.
Vulnerable systems:
Compaq Web-Based Management for Netware, version 2.28 (verified)
Exploit:
The URL http://netware.example.com:2301/survey is accessible to everyone by default and exposes the following sensitive system files:
SYS:\SYSTEM\AUTOEXEC.NCF
SYS:\ETC\NETINFO.CFG
The system password (Remote Console password) and other passwords (SNMP ControlCommunity) may be stored in clear text in either of these files.
Solution:
Compaq recommends that you disable the web agent until a resolution has been provided.
Additional technical information:
Many administrators install Compaq Web-Based Management by default when they install Netware on a Compaq machine. Web-Based Management listens on port 2301, and anonymous access is allowed by default. Some Compaq installations also have ports 49400 and 49401 open; these ports have not been verified.
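As an added example (not part of the advisory), the following Python script helps an administrator find out what the exposed files would actually leak, so the affected secrets can be rotated after the web agent is disabled. It assumes the classic NetWare syntax LOAD REMOTE <password> and LOAD SNMP ControlCommunity=<name>; the file contents are constructed samples, not real configuration.

```python
import re
from typing import Dict, List

# Constructed sample file contents in the style of NetWare .NCF / .CFG files.
SAMPLE_AUTOEXEC_NCF = """\
SET TIME ZONE = CET-1CEST
FILE SERVER NAME NW5-01
# Remote console and SNMP agent
LOAD REMOTE Sup3rS3cret
LOAD RSPX
LOAD SNMP ControlCommunity=private MonitorCommunity=public
"""

SAMPLE_NETINFO_CFG = """\
; Generated by INETCFG
LOAD TCPIP
LOAD SNMP ControlCommunity=ops-rw
"""

# Settings that place a secret in clear text. The LOAD REMOTE <password> and
# ControlCommunity=<name> syntax is assumed here (classic NetWare NLM syntax).
PATTERNS = {
    "remote_console_password": re.compile(r"^\s*LOAD\s+REMOTE\s+(\S+)", re.I),
    "snmp_control_community": re.compile(r"ControlCommunity\s*=\s*(\S+)", re.I),
}


def mask(secret: str) -> str:
    """Report a secret without echoing it: first character plus length."""
    return secret[0] + "*" * (len(secret) - 1) if secret else ""


def find_cleartext_secrets(name: str, content: str) -> List[Dict[str, object]]:
    """Return one finding per clear-text secret found in a config file body."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(content.splitlines(), 1):
        # Skip comment lines (assumed markers: '#', ';' and 'REM').
        if line.lstrip().upper().startswith(("#", ";", "REM ")):
            continue
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                findings.append({"file": name, "line": lineno,
                                 "kind": kind, "value": mask(match.group(1))})
    return findings


def audit(files: Dict[str, str]) -> List[Dict[str, object]]:
    """Audit several files at once; keys are the NetWare paths, values the contents."""
    return [f for name, body in files.items() for f in find_cleartext_secrets(name, body)]
```

Every finding names the file, line and kind of secret, so the administrator knows which Remote Console password and SNMP community strings to change.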
Vendor response:
See http://www5.compaq.com/products/servers/management/security.html for the complete vendor response to this issue.