Vulnerability Development mailing list archives

Re: NT4, IIS4 FTP service. Yawn.


From: Adam Prato <sirsyko () mergioo ishiboo com>
Date: Wed, 31 Oct 2001 08:35:39 -0800

On Wed, Oct 31, 2001 at 09:56:33AM -0000, Kayne Ian (Softlab) wrote:

> 530 User (password) cannot log in.
> Login failed.
> ------------------------------------
>
> Notice that? Whatever password I typed in for the anonymous account was
> echo'd back to the screen in plain text on the 530 error message.
>
> Of course, your next question will be, why is the anonymous account
> rejecting a login password? Good point, it seemed that the IIS password
> synchronization feature had broken itself.
>
> As I said, it may be nothing, but it seems strange to me that the password
> should be echo'd to screen in plaintext.

I imagine that is because in the case of an anonymous user, the password is
the user identity. Traditionally, you are to enter in your email address as
the password for the anonymous account. Thus the warning would be:

530 User (sirsyko () ishiboo com) cannot log in.

Adam
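
The behaviour discussed in this thread, as an added example that is not part of either post: a Python check that scans a stored FTP session transcript for server replies repeating the PASS argument, and masks the password and its echo before the transcript is logged. The `C:`/`S:` transcript format, the function names and the sample session are assumptions constructed for illustration.

```python
import re

# Constructed transcript (not captured from a real server). "C:" = client, "S:" = server.
SAMPLE = """\
S: 220 Service ready
C: USER anonymous
S: 331 Send identity as password.
C: PASS guest@example.invalid
S: 530 User guest@example.invalid cannot log in.
C: USER alice
S: 331 Password required.
C: PASS constructed-secret
S: 530 User alice cannot log in.
"""

REPLY = re.compile(r"^(\d{3})[ -](.*)$")  # "530 text" or "530-text" (multi-line reply)

def find_reflected_passwords(transcript):
    """Return (user, reply_code, reply_text) for each reply repeating the PASS argument."""
    findings, user, password = [], None, None
    for line in transcript.splitlines():
        side, _, body = line.partition(": ")
        verb, _, arg = body.partition(" ")
        if side == "C" and verb.upper() == "USER":
            user, password = arg, None          # new login attempt
        elif side == "C" and verb.upper() == "PASS":
            password = arg
        elif side == "S" and password and password in body:
            m = REPLY.match(body)
            findings.append((user, m.group(1), m.group(2)) if m else (user, None, body))
    return findings

def redact(transcript):
    """Mask each PASS argument and any server echo of it before storage."""
    out, password = [], None
    for line in transcript.splitlines():
        side, _, body = line.partition(": ")
        verb, _, arg = body.partition(" ")
        if side == "C" and verb.upper() == "USER":
            password = None
        elif side == "C" and verb.upper() == "PASS":
            password, line = arg, "C: PASS <redacted>"
        elif side == "S" and password:
            line = line.replace(password, "<redacted>")
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(find_reflected_passwords(SAMPLE))
    print(redact(SAMPLE))
```
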

