HTTP: Frontpage service.pwd File Request
This signature detects attempts to access the Microsoft FrontPage extensions for UNIX .pwd file which contains sensitive account information.
Extended Description
Unspecified versions of Frontpage extensions for unix have been reported to create a readable (and occasionally writable) file called "services.pwd" which contains encrypted password and account information. These appear to be created in various directories and have been reportedly found by "find / -name service.pwd -print". Additionally, it is reported that unspecified versions of Frontpage Extensions create a file "/_vti_pvt/administrators.pwd" which often has improper permissions set. This can be retrieved remotely via the URL "http://www.yourhost.com/_vti_pvt/administrators.pwd". Version information and verification of these issues could not be obtained.
Affected Products
Microsoft frontpage_98_server_extensions_for_iis
Short Name
HTTP:FRONTPAGE:SERVICE.PWD-REQ
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
File Frontpage Request bid:1205 service.pwd
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft