Microsoft FrontPage Vulnerabilities
Impact
A remote attacker could take control of the web site, and
possibly the system as well.
Background
Web servers which include Microsoft FrontPage Server Extensions
have special accounts to authenticate web server administrators,
web page authors, and web site visitors. The account names and
encrypted passwords are stored in FrontPage password files in the
/_vti_pvt directory. The password files are named
service.pwd on Microsoft web servers, and in
administrators.pwd, authors.pwd,
and users.pwd on Netscape web servers.
The Problem
The FrontPage password file(s) indicated on the previous screen,
next to the link to this tutorial, are readable by an unprivileged
web user. An attacker could crack the encrypted passwords and
gain unauthorized access to the web site. If any users' FrontPage
passwords are the same as their system passwords, the system
could be compromised as well.
Resolutions
Set the permissions on the FrontPage password file(s) to
be more restrictive. The exact permissions which should
be used are not specified. Use the most restrictive
permissions possible without denying access to legitimate
users.
On Windows NT systems:
- Find the file in Windows Explorer
- Click on the file with the right mouse button
- Select Properties
- Click on the Security Tab
- Click on the Permissions button
- Change or remove permissions on the file as necessary.
On Unix systems:
Use the
chmod command.
Where can I read more about this?
See the
Rhino 9 Advisory for more information about this
vulnerability. More details about FrontPage password files
can be found in a
Web Workshop from Microsoft.