|
Family: FTP --> Category: infos
Ariel FTP server : log in in as 'document' Vulnerability Scan
Vulnerability Scan Summary Checks if it is possible to log into the remote FTP server as the 'document' user
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote FTP server can be accessed with a known login and password pair.
Description :
The remote host is an Ariel FTP server.
Ariel is a document transmission system mostly used in the academic world.
It is possible to log into the remote FTP server by connecting as the user
'document' (or 'ariel4') and with a hex encoded password based on the IP
address of the host the user is connecting from.
A possible hacker could log into it and obtain the files from from print queue
or use the remote storage space for anything else.
See also :
http://www4.infotrieve.com/products_services/ariel.asp
Solution :
Filter incoming traffic to this port.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:C/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|