Microsoft FrontPage Extensions authors.pwd Information Disclosure

medium Nessus Plugin ID 10078

Synopsis

The remote web server has an information disclosure vulnerability.

Description

The remote web server appears to be running with Microsoft FrontPage extensions. The file 'authors.pwd', which contains the encrypted passwords of FrontPage authors, can by accessed by anyone. A remote attacker could decrypt these passwords, or possibly overwrite this file.

Solution

Change the permissions of the '/vti_vt' directory to prevent access by unauthenticated web users.

See Also

https://seclists.org/bugtraq/1998/Apr/169

Plugin Details

Severity: Medium

ID: 10078

File Name: frontpage_authors.nasl

Version: 1.35

Type: remote

Family: Web Servers

Published: 8/22/1999

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/23/1999

Reference Information

BID: 1205