Vulnerabilities > CVE-2002-1521 - Unspecified vulnerability in MDG Computer Services web Server 4D 3.6

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
mdg-computer-services
nessus
NVD
Published: 2003-04-02
Updated: 2008-09-05

Summary

Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.

Vulnerable Configurations

Part Description Count
Application
Mdg_Computer_Services
1

Nessus

NASL familyCGI abuses
NASL idWEBSERVER4D.NASL
descriptionAccording to its Server response header, the remote web server is Webserver 4D 3.6 or lower. Such versions store all usernames and passwords in plaintext in the file
last seen2020-06-01
modified2020-06-02
plugin id11151
published2002-10-26
reporterThis script is Copyright (C) 2002-2018 Jason Lidow <[email protected]>
sourcehttps://www.tenable.com/plugins/nessus/11151
titleWebserver 4D Plaintext Password Storage
code
# This script was created by Jason Lidow <[email protected]>
# The vulnerability was originally discovered by [email protected] 

include("compat.inc");

if(description)
{
        script_id(11151);
        script_bugtraq_id(5803);
	script_cve_id("CVE-2002-1521");
        script_version("1.19");
        script_name(english:"Webserver 4D Plaintext Password Storage");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote web server is affected by an information disclosure
vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:
"According to its Server response header, the remote web server is
Webserver 4D 3.6 or lower. Such versions store all usernames and
passwords in plaintext in the file 'Ws4d.4DD' in the application's
installation directory. A local attacker can exploit this flaw to gain
unauthorized privileges on this host."
  );
  # https://web.archive.org/web/20041213161024/http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f98ab628"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Contact the vendor for an update."
  );
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2002/10/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/04/09");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();
        script_summary(english:"Checks for Webserver 4D");

        script_category(ACT_GATHER_INFO);

        script_copyright(english:"This script is Copyright (C) 2002-2020 Jason Lidow <[email protected]>");
        script_family(english:"CGI abuses");
        script_dependencie("http_version.nasl", "find_service1.nasl", "httpver.nasl", "no404.nasl");
        script_require_ports("Services/www", 80);
        exit(0);
}


include("http_func.inc");
port = get_http_port(default:80, embedded:TRUE);


banner = get_http_banner(port:port);


poprocks = egrep(pattern:"^Server.*", string: banner);
if(banner)
{
        if("Web_Server_4D" >< banner) 
	{
                yo = string("\nThe following banner was received : ", poprocks, "\n");

                security_note(port:port, extra:yo);
 	}
}

References