a prompt from a netscape 4.1 entrprise server

From: nobody (pentesterat_private)
Date: Wed Oct 16 2002 - 07:23:41 PDT

Next message: Jeremy Junginger: "Covert Channels"

Previous message: Patrick MacDanel: "revised data for scoopLM capture"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am conducting a pen test on an application that
crosses our firewall - the app is well setup and
protected. Also we only allow port 80 and 443 to cross
the firewall.

While testing the app I was using the @stake web proxy
to alter the contents of the http data stream.  With
the http "session" still fresh I changed the ns
browser (4.7) to no longer use the local proxy
127.0.0.1 and instead connect directly to the http
server that runs the app - then I simply hit enter.

I was suprised to get a netscape basic authentication
prompt box with the text

Enter Username for Netscape Entperprise Server at
199.999.99.99:80

Questions ?

1. Does the server owner have to setup any userids to
run this server or is there always a default admin
userid in place on these servers ?
2. The prompt box did not specify any userid - just
the text above.  I think I can start password guessing
for the Netscape enterprise server administrator
userid. Any reason I cannot ?
3. Can this prompt be turned off - in other words why
is this prompt going out through the firewall - the
firewall permits only port 80 & 443  - ethereal shows
this traffic is port 80
4. I thought that the admin port for a NS 4.1 server
did not default to port 80 ??

I think that this prompt could be used for password
guessing on the server administrator userid - if the
server has such userid assigned.  To me this is a
potential entry into the NS server across the firewall
via port 80 !! 

I also found another means to get the same prompt -
making me suspect that the Netscape Server is
misconfigured.

Before I bring this to the attention of the server
admin can anyone answer any of the above questions ?

Reading the NS site docs does not conclusively tell me
that an administrator userid has to exist - and - does
not say (as far as I can find) if there is a way to
prevent this prompt from going out across the firewall
- there must be a way to prevent this in the Netscape
server

all help appreciated

nobody
 



__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Jeremy Junginger: "Covert Channels"
Previous message: Patrick MacDanel: "revised data for scoopLM capture"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 13:46:46 PDT