Joe said:

> And now a drum roll please:
>
> Mercantec's SoftCart http://www.mercantec.com/
> Platform: Win32 (*Nix?)
> Executable: SoftCart.exe (version unknown)
> Exposed Directory: /orders and /pw
> Exposed Order Info: Files ending in "/orders/*.olf"
> Exposed Config Info: /pw/storemgr.pw
> (user ID and encrypted PW for store mgr?)
>
> Number of exposed installs: 1
> PGP Option Available?: Unknown
> NOTES:
>
> This one has only been found vulnerable on ONE server. (user error?) The
> encryption scheme on the storemgr.pw password is unrecognized by me but
> I'm not an encryption guru. Someone's bound to recognize it.
>
> This is a scary one though - HiWay technologies is one of the largest
> domain hosts in the world, with over 120,000 domains. They are using
> SoftCart for clients that request ECommerce capabilities.
>
> The exposed install I found is hosted by HiWay.
>
> *shudder*

There's something about being so big that means that you can find almost anything on a Hiway system :-)

In this case, though, the fire alarm is somewhat misplaced. In its usual setup, Mercantec pgp's all the .olf files, so there is no "plain text" CC information. Obviously, the user can not use pgp, and I have no doubt that that is exactly what you found in the site(s) you looked at.

One of the continual issues with being a Web Hosting entity is how much do you restrict what your users can do; should we *require* a user of ours to use a particular configuration of a product? It's a tough call.

If a large number of our sites _had_ been vulnerable though, I wish you had given us a heads up first.

FWIW, we've blocked all downloads from that directory via http/httpds, so now they won't get indexed or accessed... but as they should have been encrypted, that's not quite so urgent. Either way, it should be completed shortly.

Richard

-- 
Dr. Richard Ford
Mgr. of Engineering, Hiway Technologies, Inc.
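A defender-side audit for the condition Richard describes: order files that should have been PGP-encrypted but were left in plaintext under a web-readable directory. This is an added example, not code from the thread or from Mercantec; the `orders/` layout, the `.olf` naming and the ASCII-armor header check are assumptions, and the sample files are constructed.

```python
"""Audit a SoftCart-style web root for *.olf order files that are not
PGP-encrypted.  Constructed example: directory layout, file naming and
the ASCII-armor check are assumptions, not Mercantec's documented format."""
import os
import tempfile

# An ASCII-armored PGP message (what a PGP-enabled cart would write) starts
# with this header; anything else is treated as plaintext.  (Assumption.)
PGP_ARMOR_HEADER = b"-----BEGIN PGP MESSAGE-----"


def is_pgp_armored(data: bytes) -> bool:
    """True if the file body begins with a PGP armor header (whitespace tolerated)."""
    return data.lstrip().startswith(PGP_ARMOR_HEADER)


def audit_order_files(web_root: str, order_dir: str = "orders"):
    """Walk <web_root>/<order_dir> and classify every .olf file.
    Returns (plaintext_paths, encrypted_paths), relative to web_root, sorted."""
    plaintext, encrypted = [], []
    for dirpath, _dirs, files in os.walk(os.path.join(web_root, order_dir)):
        for name in files:
            if not name.lower().endswith(".olf"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(64)          # header is enough to classify
            rel = os.path.relpath(path, web_root)
            (encrypted if is_pgp_armored(head) else plaintext).append(rel)
    return sorted(plaintext), sorted(encrypted)


def build_sample_root() -> str:
    """Construct a throw-away web root with one encrypted and one plaintext
    order file so the audit can be exercised offline (constructed data)."""
    root = tempfile.mkdtemp(prefix="softcart_audit_")
    os.makedirs(os.path.join(root, "orders"))
    with open(os.path.join(root, "orders", "1001.olf"), "wb") as fh:
        fh.write(b"-----BEGIN PGP MESSAGE-----\nVersion: 2.6.2\n\n"
                 b"hQEMA0constructedCiphertext==\n-----END PGP MESSAGE-----\n")
    with open(os.path.join(root, "orders", "1002.olf"), "wb") as fh:
        fh.write(b"name=Example Customer\ncard=0000-0000-0000-0000\n")
    return root


if __name__ == "__main__":
    plain, enc = audit_order_files(build_sample_root())
    for p in plain:
        print("PLAINTEXT order file (exposed if the directory is web-readable):", p)
    print(f"{len(enc)} encrypted, {len(plain)} plaintext")
```

Run it against a real web root after the httpd deny rule is in place; any path it reports as plaintext is a store that was deployed without the PGP option.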
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:22 PDT