Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Problems with wuftpd - password logging(?)

From: mccomb () interport net (DaVe McComb)
Date: Thu, 16 Mar 1995 11:11:58 -0500 (EST)

I seem to have a major problem with wuftpd version wu-2.4, in that if a 
specific sequence of steps is taken, the user's password is logged to 
/var/adm/messages, wtmp, and to the screen.  This is happening under 
SunOS 4.1.3 with shadow passwords.  I _cannot_ duplicate this behavior 
under SunOS 4.1.3_U1 without the shadow passwords.

The steps that cause this are as follows:

- There is an initial failed login by some "non-allowed" user.
- Then, while still connected, the command: "user realuser" is entered.  
  (where "realuser" is a user in one of the guestgroups.)
- The password is then entered, and the user is allowed in.  However, the 
  user's password is displayed in /var/adm/messages, wtmp, and to the 
  console in the "User XXXXXXXX logged in." message.  (where "XXXXXXXX" is 
  the user's password instead of their userid.)

I've included the output of this session at the bottom of this message, 
in the hopes that it might prove useful.

I'm stumped without digging through the code, which I'd prefer not to 
do.  Has anyone else experienced this behavior?

Thanks for any help/advice.

-DaVe
 mccomb () interport net
 http://www.interport.net/~mccomb

---------------
host01(~)> /usr/ucb/ftp host00
Connected to host00.bogus.com.
220-**************************************************************************
220-
220-  ONLY AUTHORIZED USE OF THIS SYSTEM IS PERMITTED.  THE USER CONSENTS TO
220-  THE MONITORING OF THE SYSTEM BY SYSTEM MANAGEMENT TO ASSURE ALL SYSTEM
220-  USE IS AUTHORIZED AND TO ASSURE EFFICIENT OPERATION OF THE SYSTEM.
220- 
220-**************************************************************************
220-
220 host00 FTP server (Version wu-2.4(1) Wed Mar 15 17:04:32 EST 1995) ready.
Name (host00:mccomb): ftp
530 User ftp access denied. Login failed.
ftp> user realuser
331 Password required for realuser.
Password: 
230-**************************************************************************
230-
230-            Local time is Wed Mar 15 17:08:27 1995.
230- 
230-**************************************************************************
230-
230 User XXXXXXXX logged in.  Access restrictions apply.
ftp> quit
221 Goodbye.


Where "XXXXXXXX" above is the user's password and not their user ID!

---------------
And, in /var/adm/messages:

Mar 15 17:18:41 host00 ftpd[9100]: connection from host01 [xxx.xx.x.xxx]
Mar 15 17:18:43 host00 ftpd[9100]: FTP LOGIN REFUSED (name in 
/usr/local/etc/ftphosts) FROM host01 [xxx.xx.x.xxx], ftp
Mar 15 17:18:43 host00 ftpd[9100]: USER ftp
Mar 15 17:18:46 host00 ftpd[9100]: USER realuser
Mar 15 17:18:49 host00 ftpd[9100]: PASS password
Mar 15 17:18:49 host00 ftpd[9100]: FTP LOGIN FROM host01 [xxx.xx.x.xxx], 
XXXXXXXX Mar 13 17:18:52 host00 ftpd[9100]: QUIT
Mar 15 17:18:52 host00 ftpd[9100]: FTP session closed


Where "XXXXXXXX" once again is the user's password, not userid.

---------------

From /etc/inetd.conf:


ftp     stream  tcp     nowait  root    /usr/local/etc/tcpd /usr/local/etc/ftpd -dl

--------------
Previous By Date Next
Previous By Thread Next

Current thread: