|
|
|
|
| |
| The mod_sqlpw module for ProFTPD caches the user id and password information returned from the MySQL database when attempting to verify a password. When the "user" command is used to switch to another account, the cached password is not cleared, and the password entered is checked against the cached password. If a user knows the password for a valid account on a ProFTPD system using mod_sqlpw, they may log into any other account in the database. |
| |
Credit:
The information has been provided by Miller and Alessandro Zummo.
|
| |
Steps to Recreate:
1. FTP to the host running ProFTPD/mod_sqlpw.
2. At the login prompt, enter the user id of the known account "bob".
3. When prompted for a password, enter an invalid password for the account "bob". Authentication will fail.
4. Type "user Alice", where "Alice" is another account in the user database.
5. When prompted for a password, enter the correct password for "bob".
At this point, the user "bob" is logged in as the user "Alice" without knowing Alice's password.
Workaround:
As a temp fix, add the line:
MaxLoginAttempts 1
to the configuration file (/etc/proftpd.conf)
|
|
|
|
|
