PWD's (other)

                   Vulnerability in FrontPage Server Extensions

                   SYSTEMS AFFECTED
                   Systems (NT/Unix) running Microsoft FrontPage Server Extensions.

                   PROBLEM
                   The well publicized misconfiguration of FrontPage password files has
                   led many people to finally fix their systems. However, some systems
                   are not fully protected. It seems that most system administrators may
                   search their systems for Service.pwd files and then repair the permissions
                   on these files to prevent possible system intrusion. Other PWD files are
                   now known to still be misconfigured, allowing possible intruders to
                   extract the password file and crack the DES encryption.

                   IMPACT
                   The extraction and cracking of these password files could lead to your
                   website being compromised. If the same password is also used as your
                   system login, then your network could possibly be at risk as well.

                   EXPLOIT
                   Some of the new PWD files to look for are:

                        Administrator.pwd
                        Administrators.pwd
                        Authors.pwd
                        Users.pwd

                   To find and extract these files, several methods could be used:

                   Use a browser to go directly to the following URL:
                   http://www.victim.com/_vti_pvt/(filename).pwd
                   Variants of the URL could also include Sub web names or User names.

                   Using common search engines could also locate these files. FTP Search
                   Engines are very effective for pinpointing the existence of these files.

                   SOLUTION
                   Place the proper security permissions on ALL pwd files on your server.
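
                   One way to check this on a Unix server, as an added example that is
                   not part of the original advisory: the functions below list every
                   .pwd file under a web root that is still readable by "other" and
                   can remove that access. The function names, the sample tree and the
                   choice of the "other read" bit as the test are assumptions of this
                   example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit every .pwd file under a web
# root, not only Service.pwd. "Exposed" is assumed here to mean the Unix
# "other" read bit is set; on NT the equivalent check is the file's ACL.

# list_exposed_pwd WEBROOT: print each .pwd file that "other" can read.
list_exposed_pwd() {
    # -iname matches Service.pwd, authors.pwd and USERS.PWD alike;
    # -perm -004 selects files whose "other read" bit is set.
    find "$1" -type f -iname '*.pwd' -perm -004 -print
}

# fix_exposed_pwd WEBROOT: strip all "other" access from the exposed files
# and print how many files were changed.
fix_exposed_pwd() {
    n=$(list_exposed_pwd "$1" | wc -l)
    find "$1" -type f -iname '*.pwd' -perm -004 -exec chmod o-rwx {} +
    echo $((n))
}

# make_sample_tree: build a constructed test tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/_vti_pvt" "$t/subweb/_vti_pvt"
    for f in _vti_pvt/service.pwd _vti_pvt/Authors.pwd \
             _vti_pvt/Administrators.pwd subweb/_vti_pvt/Users.PWD; do
        : > "$t/$f"
    done
    chmod 600 "$t/_vti_pvt/service.pwd"         # already repaired
    chmod 644 "$t/_vti_pvt/Authors.pwd"         # missed: world-readable
    chmod 640 "$t/_vti_pvt/Administrators.pwd"  # owner and group only
    chmod 644 "$t/subweb/_vti_pvt/Users.PWD"    # missed: sub web, upper case
    echo "$t"
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    list_exposed_pwd "$1"
fi
```

                   Before running fix_exposed_pwd, confirm that any account that
                   legitimately needs these files can still read them through the
                   owner or group bits.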

                   The contents of this advisory are Copyright (c) 1998 the Rhino9 security
                   research team. This document may be distributed freely, as long as
                   proper credit is given.

