• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: EFTP Password Hash Retrieval Vulnerability

Severity: HIGH

Description:

Encrypted File Transfer Protocol (EFTP) utilizes 448bit Blowfish Encryption Algorithm to ensure the secure transfer of files via the FTP protocol. EFTP is both an FTP client and server application for Windows, and is maintained by Khamil Landross and Zack Jones.

EFTP Server supports the use of UNC shares. UNC shares are a way for users to identify shared resources, '//' or '\\' specifies the server and '/' or '\' reveals the path to the shared resource. A UNC name format is structured similar to this: \\server\share\path\filename

A flaw in EFTP Server could allow a user to lead the server into disclosing the credentials of the user the server is running under.

If a logged in FTP user connects to an external share and submits a malformed 'list' command, the user could force the FTP server to make an external SMB connection to a host of his choice. A likely connection would be to a malicious host expecting the connection. In order for the server to successfully connect to the host, the server would have to provide the login credentials of the user the server is running under. A password hash is sent across the external connection to the host. This information could easily be captured by a third party network utility listening for internal and external traffic on the host. The captured password hash could be resolved into the username and password.

If an attacker successfully exploited this vulnerability it could assist in further attacks against the host, and possibly lead to complete compromise of the host.

Affected Products:

• Cisco iCDN 2.0.0
• Khamil Landross and Zack Jones EFTP 2.0.7 .337

References:

• Khamil Landross and Zack Jones: EFTP Main Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.