------------------------------------------------------------------ - EXPL-A-2003-002 exploitlabs.com Advisory 002 ------------------------------------------------------------------ -=- IRCXpro 1.0 -=-
Vunerability(s): ---------------- 1.local clear passwords 2.remote default admin enabled Product: -------- IRCXpro Server 1.0 http://www.ircxpro.com Reviews: -------- http://www.serverwatch.com/sreviews/article.php/1501261 http://reviews.zdnet.co.uk/review/41/2/3418.html Description of product: ----------------------- "IRCXpro is a feature rich Internet Relay-Chat (IRC/IRCX) Server that can provide the basis for an interactive online community. Guests will be able to take part in conversation using either an Internet Browser chat client or 3rd party chat software." VUNERABILITY / EXPLOIT ====================== Local: ------ All passwords and user names are inside settings.ini ... in the clear Remote: ------- Default Settings... Remote admin. Serv.LogonSettings "LocalHost", 7100, "admin", "password" Vendor Fix: ----------- No fix on 0day Vendor Contact: --------------- [EMAIL PROTECTED] [EMAIL PROTECTED] Concurrent with this advisory Credits: -------- Donnie Werner http://exploitlabs.com "where finding your holes is job one, and plugging them twice the phun" [EMAIL PROTECTED] Corporate Security Needs at http://fram4.com Security Systems