Title: WebTrends Enterprise Reporting Server Multiple Vulnerabilities
Severity: HIGH
Description:
Versions 1.5 and earlier of the WebTrends Enterprise Reporting Server contain a series of vulnerabilities:
1. Logging via the server will write to a world-writable file.
Under certain conditions this file may contain sensitive information, such as usernames and passwords, in clear text. This is known to occur when the server is not running with PAM (Pluggable Authentication Modules).
If the server is running without PAM, users must use the server-provided interface to create new users and set their passwords. In this case, by default, everything (including username and password) is stored in clear text in the file "interface.log" with read/write permissions for user, group and other. Any local user can read that file. If a WebTrends user also has a shell account on the box with the same password, that account can be compromised.
2. The server stores its user information in files with world read/write permissions.
All user information is stored in the directory "wtm_wtx/datfiles/users" in the format "username.usr". Those files have owner/group/other read/write permissions. Any local user can decrypt the password or, even easier, alter or delete the user file and thereby cause a denial of service.
3. User profiles are stored in world-readable, world-writable files.
By altering these files it may be possible to launch a denial of service attack. As with the user files, all profile information is stored in "wtm_wtx/datfiles/profiles" with owner/group/other read/write permissions. Any local user can alter or delete a profile file and thereby cause a denial of service.
4. Under default installations, a blank username and password is enabled. This will allow remote users to access the server with administration privileges to the software if the owner neglects to change this.
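A permission audit for items 1 to 3, added here as an example and not taken from WebTrends or the original advisory. The install root argument and the function names are assumptions; only the file name "interface.log" and the relative directories come from the text above. The hardening step assumes the server processes run as the owning user or group.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the caller supplies the install
# root; the advisory gives only the relative wtm_wtx/datfiles/... paths.

# wt_scan ROOT LABEL PERM: list sensitive files under ROOT with PERM bits set.
# interface.log is matched by name because the advisory gives no path for it.
wt_scan() {
    find "$1" -type f \( -name interface.log \
            -o -path '*/wtm_wtx/datfiles/users/*.usr' \
            -o -path '*/wtm_wtx/datfiles/profiles/*' \) \
        -perm "$3" -print 2>/dev/null | sed "s|^|$2 |"
}

# wt_audit ROOT: print findings; return 0 if clean, 1 if any, 2 on bad input.
# The directory check matters because write access to a directory (without
# the sticky bit) allows deleting its files whatever their own mode is.
wt_audit() {
    [ -d "$1" ] || { echo "wt_audit: not a directory: $1" >&2; return 2; }
    findings=$(
        wt_scan "$1" WORLD-WRITABLE -002
        wt_scan "$1" WORLD-READABLE -004
        find "$1" -type d \( -path '*/wtm_wtx/datfiles/users' \
                -o -path '*/wtm_wtx/datfiles/profiles' \) \
            -perm -002 -print 2>/dev/null | sed 's|^|WORLD-WRITABLE-DIR |'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# wt_harden ROOT: strip all "other" access from the same files and directories.
# Assumption: the server processes run as the owning user or group.
wt_harden() {
    find "$1" \( -name interface.log \
            -o -path '*/wtm_wtx/datfiles/users*' \
            -o -path '*/wtm_wtx/datfiles/profiles*' \) \
        -exec chmod o-rwx {} +
}
```

Run `wt_audit` against the install root before and after `wt_harden`; a non-zero exit status from the audit means at least one of the files or directories is still accessible to every local user.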
Affected Products:
- WebTrends WebTrends Enterprise Reporting Server 1.5.0
References:
- Manos Megagiannis: TotallySecure.com
- Webtrends: Webtrends Support Page