I am conducting a pen test on an application that crosses our firewall - the app is well set up and protected. Also, we only allow ports 80 and 443 to cross the firewall.

While testing the app I was using the @stake web proxy to alter the contents of the HTTP data stream. With the HTTP "session" still fresh, I changed the NS browser (4.7) to no longer use the local proxy 127.0.0.1 and instead connect directly to the HTTP server that runs the app - then I simply hit enter. I was surprised to get a Netscape basic authentication prompt box with the text:

    Enter Username for Netscape Enterprise Server at 199.999.99.99:80

Questions?

1. Does the server owner have to set up any userids to run this server, or is there always a default admin userid in place on these servers?

2. The prompt box did not specify any userid - just the text above. I think I can start password guessing for the Netscape Enterprise Server administrator userid. Any reason I cannot?

3. Can this prompt be turned off? In other words, why is this prompt going out through the firewall? The firewall permits only ports 80 & 443 - Ethereal shows this traffic is port 80.

4. I thought that the admin port for an NS 4.1 server did not default to port 80??

I think that this prompt could be used for password guessing on the server administrator userid - if the server has such a userid assigned. To me this is a potential entry into the NS server across the firewall via port 80!! I also found another means to get the same prompt - making me suspect that the Netscape Server is misconfigured.

Before I bring this to the attention of the server admin, can anyone answer any of the above questions?

Reading the NS site docs does not conclusively tell me that an administrator userid has to exist - and does not say (as far as I can find) if there is a way to prevent this prompt from going out across the firewall - there must be a way to prevent this in the Netscape server.

All help appreciated,
nobody
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 13:46:46 PDT