| GEN:SID | 1:1166 |
| Message | WEB-MISC ws_ftp.ini access |
| Summary | This event is generated when an attempt is made to download the file ws_ftp.ini via a web request.
|
| Impact | Serious. Information Disclosure.
|
| Detailed Information | When a user of WS_FTP chooses "save password" when connecting to an FTP server, the password is stored in the file ws_ftp.ini which may be accessible via a web server. The stored passwords use a weak encryption scheme that is easy broken.
|
| Affected Systems | |
| Attack Scenarios | An attacker might be able to retrieve the file, use one of the widely available password cracking tools and gain valid login information to the server.
|
| Ease of Attack | Simple.
|
| Corrective Action | Check the host for signs of compromise.
Change all passwords used on the host.
Disallow the use of ftp on the server, consider the use of scp to transfer files.
|
| Additional References | |
| Rule References | bugtraq: 547
cve: 1999-1078
|