807.txt

This is the snapshot of Snot Latest Rules

Rule:  

--
Sid:
807

--
Summary:
This event is generated when an attempt is made to download the wwwboard password file

--
Impact:
Information disclosure.
An attacker could crack the encrypted password and gain access to the wwwboard administrator account

--
Detailed Information:
Releases of WWWBoard (Matt Wright's CGI webboard application) before version 2.0 Alpha 2.1 place the encrypted password for the web application's administrator in a file called "passwd.txt" accessible from the web root.

--
Affected Systems:
Matt Wright WebBoard
 
--
Attack Scenarios:
Attacker downloads the passwd.txt file and then launches a password cracker to brute force the password (the password is encypted via crypt(3), and password crackers for this format are ubiquitous). If the password is successfully cracked (due to weak passwords or significant cracking resources), the attacker will have administrative access to the wwwboard web application.

--
Ease of Attack:
Simple. Exploit software is not required.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
Ensure that local installations of WWWBoard are current and properly configured to not save the password file into a publically-accessible area.

--
Contributors:
Original rule writer unknown
Original document author unkown
Sourcefire Vulnerability Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--