Sambar Server Insecure Default Protection for User Passwords

vendor:

Sambar Server

by:

SecurityFocus

7.5

CVSS

HIGH

Insecure Default Protection for User Passwords

259

CWE

Product Name: Sambar Server

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Unix

2002

Sambar Server Insecure Default Protection for User Passwords

Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted. Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host.

Mitigation:

Ensure that the default password decryption algorithm is secure and that user passwords are encrypted with a strong encryption algorithm.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3095/info

Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.

Sambar Server provides insecure default protection for user passwords.

The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted.

Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21027.zip