TCP 443 9
Description: guessed password to web form: /index.php (admin:admin)
Severity: Critical Problem
Impact: An attacker who is able to guess the password to a user account could gain shell access to the system with the privileges of the user. From there it is often trivial to gain complete control of the system.
Resolution: Protect all accounts with a password that cannot be guessed. Require users to choose passwords which are eight characters long, including numeric and non-alphanumeric characters, and which are not based on the login name or any other personal information about the user. Enforce this policy using a utility such as [http://www.utexas.edu/cc/unix/software/npasswd] npasswd in place of the default UNIX passwd program. Check the strength of all account passwords periodically using a password cracking utility such as [ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack] Crack for Unix. For Cisco 2700 Series Wireless Location Appliance, change the password or mitigate as described in [http://www.cisco.com/warp/public/707/cisco-air-20061013-wla.shtml] cisco-air-20061013-wla.
Vulnerability Details:
Service: 443:TCP
Sent:
POST /index.php HTTP/1.0
Host: oldworldnames.com
User-Agent: Mozilla/5.0
Content-length: 194
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: virtuemart=1a94902355924120e2f2aeb75503d760; 3123b2e981cc3a414daab138debda284=-
username=admin&passwd=admin&remember=yes&Submit=Login&option=login&op2=login&lang=english&return=https://oldworldnames.com/index.php&message=0&force_session=1&jc8afe66b84049a86fc9f67e325e6c3e8=1
Received: HTTP/1.1 200 OK
Did Not Receive: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><script>alert('Incorrect username or password. Please try again.'); window.history.go(-1);</script> (saint-3600)
TCP 443 9
Description: guessed password to web form: /index.php (admin:password)
Severity: Critical Problem
Impact: An attacker who is able to guess the password to a user account could gain shell access to the system with the privileges of the user. From there it is often trivial to gain complete control of the system.
Resolution: Protect all accounts with a password that cannot be guessed. Require users to choose passwords which are eight characters long, including numeric and non-alphanumeric characters, and which are not based on the login name or any other personal information about the user. Enforce this policy using a utility such as [http://www.utexas.edu/cc/unix/software/npasswd] npasswd in place of the default UNIX passwd program. Check the strength of all account passwords periodically using a password cracking utility such as [ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack] Crack for Unix. For Cisco 2700 Series Wireless Location Appliance, change the password or mitigate as described in [http://www.cisco.com/warp/public/707/cisco-air-20061013-wla.shtml] cisco-air-20061013-wla.
Vulnerability Details:
Service: 443:TCP
Sent:
POST /index.php HTTP/1.0
Host: oldworldnames.com
User-Agent: Mozilla/5.0
Content-length: 197
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: virtuemart=1a94902355924120e2f2aeb75503d760; 3123b2e981cc3a414daab138debda284=-
username=admin&passwd=password&remember=yes&Submit=Login&option=login&op2=login&lang=english&return=https://oldworldnames.com/index.php&message=0&force_session=1&jc8afe66b84049a86fc9f67e325e6c3e8=1
Received: HTTP/1.1 200 OK
Did Not Receive: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><script>alert('Incorrect username or password. Please try again.'); window.history.go(-1);</script> (saint-3600)
TCP 80 http 5
Synopsis: The remote web server might transmit credentials in cleartext.
Description: The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.
Solution: Make sure that every sensitive form transmits content over HTTPS.
Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Other references: CWE:522, CWE:523, CWE:718, CWE:724 (26194)