Trippin Smurfs Security Team - 06/20/2002 http://www.t-smurfs.com/ [Securing by the masses, one box at a time.] ============================= [~] Issue: Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password Storage =========== [~] Author: ace | ace@microsoft.ph =========== [~] Vulnerable: Xitami Web Server (32-bit) 2.5b4 [http://www.imatix.com/] =========== [~] Description: Xitami is a multithreaded Web server. Though small and simple, Xitami is robust enough to handle high-volume intranets. Built from the ground up as a high-performance Web server engine, it pumps data onto the network at top speed. This means that it can serve large files quickly while handling many simultaneous hits. =========== [~] Bug: Xitami web server suffers from poor password storage syndrome [ i know, i made the name up ;) ]. =========== [~] Exploit: Any local user could head out to C:\Xitami where the default installation directory sits, and open "defaults.aut" a file name in the Xitami directory. This file has the administrators user/password saved in plain text!. Here is what the file looks like: ---------------------------- # Created at installation time # [/Admin] bob="lemonhead" [Private] Jacky=robusta ---------------------------- As you can see, no encryption at all is used and so technically this bug is of "high severity". =========== [~] Work Around: Uninstall Xitami. =========== [~] Vendor Status: The Vendor has been contacted, still no reply on this issue, will update this when vendor response is recieved. ============================ Trippin Smurfs - http://www.t-smurfs.com/ ============================
