Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: NT4, IIS4 FTP service. Yawn.
From: Adam Prato <sirsyko () mergioo ishiboo com>
Date: Wed, 31 Oct 2001 08:35:39 -0800
On Wed, Oct 31, 2001 at 09:56:33AM -0000, Kayne Ian (Softlab) wrote:


530 User (password) cannot log in.
Login failed.
------------------------------------

Notice that? Whatever password I typed in for the anonymous account was
echo'd back to the screen in plain text on the 530 error message.

Of course, your next question will be, why is the anonymous account
rejecting a login password? Good point, it seemed that the IIS password
synchronization feature had broken itself. 

As I said, it may be nothing, but it seems strange to me that the password
should be echo'd to screen in plaintext.


I imagine that is because in the case of an anonymous user, the password is
the user identity. Traditionally, you are to enter in your email address as
the password for the anonymous account. Thus the warning would be:

530 User (sirsyko () ishiboo com) cannot log in.

Adam

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]