Internet Explorer FTP Server Information Disclosure Vulnerability


Vulnerability ID: 1105526
Vulnerability type: Unknown
Published: 1999-08-25
Updated: 1999-08-25
CVE ID: CVE-1999-1235
CNNVD-ID: CNNVD-199908-053
Platform: Windows
CVSS score: 4.6
|Vulnerability sources
https://www.exploit-db.com/exploits/19473
https://www.securityfocus.com/bid/87772
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199908-053
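|Vulnerability details
Internet Explorer 5.0 records the usernames and passwords for FTP servers in the URL history. This can be exploited (1) by local users, who can read the information from another user's index.dat, or (2) by someone physically observing the screen ("shoulder surfing"), who can read the information from the status bar when the user moves the mouse over a link.
|Exploit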
Microsoft Internet Explorer 5.0 for Windows 2000/Windows NT 4 FTP Password Storage Vulnerability

source: http://www.securityfocus.com/bid/610/info

FTP usernames and passwords for sites accessed via Internet Explorer 5.X are stored (cleartext) in history files stored under \Winnt\Profiles\[Username]\History\History.IE5\index.dat and \Winnt\Profiles\[Username]\History\History.IE5\MSHist<date>..\index.dat. By default, the \Winnt\Profiles\[Username]\History directories are secured with ACLs to allow Full Control for System, the Administrators group, and the given Username. The index.dat files, however, are created with Everyone:Full Control permissions.

Because the "Bypass Traverse Checking" right is assigned by default to the Everyone group, any user with access to the host can read any other user's index.dat files. 

To bypass traverse checking and access another user's index.dat files, reference the absolute filename. For example, to search for all index.dat files belonging to the "administrator" account, issue the following command from a command prompt:

find "//"<\winnt\profiles\administrator\history\history.ie5\index.dat
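
For auditing a copy of a history file without displaying the stored secrets, the following added example (not part of the original advisory) scans raw bytes for FTP URLs that embed a password and reports each user/host pair with the password masked. The function name, the report fields and the sample bytes are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# ftp://user:password@host, matched on raw bytes because index.dat is binary.
# Each field stops at control bytes, spaces, non-ASCII bytes and URL delimiters.
CRED_URL = re.compile(
    rb"ftp://(?P<user>[^\x00-\x20\x7f-\xff/:@]+)"
    rb":(?P<pw>[^\x00-\x20\x7f-\xff/@]+)"
    rb"@(?P<host>[A-Za-z0-9.-]+)",
    re.IGNORECASE,
)

def find_ftp_credentials(data: bytes) -> list:
    """Report FTP URLs that embed a password; the password itself is never kept."""
    findings = {}
    for m in CRED_URL.finditer(data):
        user = unquote(m.group("user").decode("ascii"))
        host = m.group("host").decode("ascii").lower()
        # One entry per (user, host); repeats only raise the counter.
        entry = findings.setdefault((user, host), {
            "user": user,
            "host": host,
            "first_offset": m.start(),
            "occurrences": 0,
            "redacted": f"ftp://{user}:****@{host}",
        })
        entry["occurrences"] += 1
    return sorted(findings.values(), key=lambda e: e["first_offset"])

# Constructed sample bytes, loosely shaped like history records; not a real
# index.dat and not a faithful reproduction of its record layout.
SAMPLE = (
    b"Client UrlCache MMF Ver 5.2\x00\x00\x80\x00"
    b"URL \x02\x00Visited: alice@ftp://alice:S3cret%21@ftp.example.test/pub/a.doc\x00"
    b"URL \x02\x00Visited: alice@ftp://ftp.example.test:21/readme.txt\x00"
    b"URL \x02\x00Visited: alice@ftp://bob@files.example.test/\x00"
    b"URL \x02\x00Visited: alice@FTP://alice:S3cret%21@FTP.example.test/pub/b.doc\x00"
    b"URL \x02\x00Visited: carol@ftp://deploy:hunter2@10.0.0.5/site/\x00"
)

if __name__ == "__main__":
    for f in find_ftp_credentials(SAMPLE):
        print(f"offset {f['first_offset']:>4}  x{f['occurrences']}  {f['redacted']}")
```

URLs with only a port (`host:21`) or only a username (`bob@host`) are not reported, since neither carries a password.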
|References

Source: XF
Name: nt-ie5-user-ftp-password(3289)
Link: http://xforce.iss.net/static/3289.php
