|
Full Disclosure
mailing list archives
IRCXpro 1.0 - Clear local and default remote admin passwords
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Tue, 3 Jun 2003 00:57:45 -0700
------------------------------------------------------------------
- EXPL-A-2003-002 exploitlabs.com Advisory 002
------------------------------------------------------------------
-=- IRCXpro 1.0 -=-
Vunerability(s):
----------------
1.local clear passwords
2.remote default admin enabled
Product:
--------
IRCXpro Server 1.0
http://www.ircxpro.com
Reviews:
--------
http://www.serverwatch.com/sreviews/article.php/1501261
http://reviews.zdnet.co.uk/review/41/2/3418.html
Description of product:
-----------------------
"IRCXpro is a feature rich Internet Relay-Chat (IRC/IRCX) Server
that can provide the basis for an interactive online community.
Guests will be able to take part in conversation using either
an Internet Browser chat client or 3rd party chat software."
VUNERABILITY / EXPLOIT
======================
Local:
------
All passwords and user names are inside settings.ini ... in the clear
Remote:
-------
Default Settings... Remote admin.
Serv.LogonSettings "LocalHost", 7100, "admin", "password"
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
sales () ircxpro com
support () ircxpro com
Concurrent with this advisory
Credits:
--------
Donnie Werner
http://exploitlabs.com "where finding your holes is job one, and plugging
them twice the phun"
morning_wood () exploitlabs com
Corporate Security Needs at http://fram4.com Security Systems
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- IRCXpro 1.0 - Clear local and default remote admin passwords morning_wood (Jun 03)
|
Intro
