Compaq Web-Based Management reveals sensitive info

Vulnerability

    Web-Based Management

Affected

    Compaq Web-Based Management on Netware (Software version 2.28 verified)

Description

    The following is based on an iXsecurity Security Vulnerability
    Report, iXsecurity.20001107.compaq-wbm.a. The default installation
    of Compaq Web-Based Management on a Netware server reveals
    sensitive system files.

    Anyone who has access to port 2301 on a Netware server can read
    the system password (Remote Console password):

        http://netware.server.with.CWBM:2301/survey

    is accessible to everyone by default and contains sensitive
    system files:

        SYS:\SYSTEM\AUTOEXEC.NCF
        SYS:\ETC\NETINFO.CFG

    The system password (Remote Console password) and other passwords
    (SNMP ControlCommunity) may be in clear text in any of these
    files.
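
    For administrators working out which credentials the /survey page
    would have exposed, the following added example (not part of the
    original report, and not Compaq or Novell code) audits a copy of
    these files for clear-text secrets, including ones left in
    commented-out lines. The line formats it matches (LOAD REMOTE
    <password>, LOAD REMOTE -E <hash>, and the ControlCommunity=,
    MonitorCommunity= and TrapCommunity= parameters) are assumptions
    about typical Netware configuration; the report does not show the
    file contents, and the sample data is constructed.

```python
import re

# Assumed NetWare line formats (the advisory does not show file contents):
#   LOAD REMOTE <password>         -> cleartext Remote Console password
#   LOAD REMOTE -E <hash>          -> encrypted form, not reported
#   ... ControlCommunity=<string>  -> SNMP community string
COMMENT_RE = re.compile(r'^\s*(?:[;#]+|REM\b)\s*', re.I)
REMOTE_RE = re.compile(r'^(?:LOAD\s+)?REMOTE(?:\.NLM)?\s+(\S+)', re.I)
COMMUNITY_RE = re.compile(r'\b(Control|Monitor|Trap)Community\s*=\s*(\S+)', re.I)


def audit_config(name, text):
    """Return (file, line, kind, commented) findings; secrets are never echoed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # A commented-out line is still readable through the exposed file,
        # so strip the comment marker and inspect the remainder anyway.
        body, n = COMMENT_RE.subn('', raw, count=1)
        commented = n > 0
        body = body.strip()
        m = REMOTE_RE.match(body)
        if m and m.group(1).upper() != '-E':
            findings.append((name, lineno, 'remote-console-cleartext', commented))
        for c in COMMUNITY_RE.finditer(body):
            kind = 'snmp-' + c.group(1).lower() + '-community'
            findings.append((name, lineno, kind, commented))
    return findings


# Constructed sample inputs, not taken from any real server.
SAMPLE_AUTOEXEC = """\
FILE SERVER NAME EXAMPLE-FS1
; LOAD REMOTE oldsecret
LOAD REMOTE examplepass
LOAD SNMP ControlCommunity=examplewrite MonitorCommunity=public
"""
SAMPLE_HARDENED = """\
FILE SERVER NAME EXAMPLE-FS1
LOAD REMOTE -E 0123456789ABCDEF
"""

if __name__ == '__main__':
    for finding in audit_config('SYS:\\SYSTEM\\AUTOEXEC.NCF', SAMPLE_AUTOEXEC):
        print(finding)
```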

    Many administrators install Compaq Web-Based Management by
    default when they are installing Netware on a Compaq machine.
    Web-Based Management listens on port 2301 and anonymous access is
    allowed by default. Some Compaq installations have ports 49400
    and 49401 open too. These ports are not verified.

Solution

    Compaq recommends that you disable the web agent until a
    resolution has been provided.