------------------------------------------------------------------ - EXPL-A-2003-002 exploitlabs.com Advisory 002 ------------------------------------------------------------------ -=- IRCXpro 1.0 -=- Vunerability(s): ---------------- 1.local clear passwords 2.remote default admin enabled Product: -------- IRCXpro Server 1.0 http://www.ircxpro.com Reviews: -------- http://www.serverwatch.com/sreviews/article.php/1501261 http://reviews.zdnet.co.uk/review/41/2/3418.html Description of product: ----------------------- "IRCXpro is a feature rich Internet Relay-Chat (IRC/IRCX) Server that can provide the basis for an interactive online community. Guests will be able to take part in conversation using either an Internet Browser chat client or 3rd party chat software." VUNERABILITY / EXPLOIT ====================== Local: ------ All passwords and user names are inside settings.ini ... in the clear Remote: ------- Default Settings... Remote admin. Serv.LogonSettings "LocalHost", 7100, "admin", "password" Vendor Fix: ----------- No fix on 0day Vendor Contact: --------------- salesat_private supportat_private Concurrent with this advisory Credits: -------- Donnie Werner http://exploitlabs.com "where finding your holes is job one, and plugging them twice the phun" morning_woodat_private Corporate Security Needs at http://fram4.com Security Systems _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 01:23:58 PDT