https://www.exploit-db.com/exploits/21027
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-175

SambarServer5及其之前版本的默认配置会使用加密密码二进制程序编译的对称密钥，远程攻击者可以通过破解密钥或修改sambar程序副本来调用译码程序，从而破解所有用户的密码。

source: http://www.securityfocus.com/bid/3095/info

Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.

Sambar Server provides insecure default protection for user passwords.

The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted.

Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21027.zip

来源:BID
名称:3095
链接:http://www.securityfocus.com/bid/3095
来源:XF
名称:sambar-insecure-passwords(6909)
链接:http://xforce.iss.net/static/6909.php
来源:BUGTRAQ
名称:20010725SambarServerpassworddecryption
链接:http://www.securityfocus.com/archive/1/199418