Bugtraq mailing list archives

Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password Storage


From: ace <ace () microsoft ph>
Date: 20 Jun 2002 02:35:14 -0000




Trippin Smurfs Security Team - 06/20/2002
http://www.t-smurfs.com/
[Securing by the masses, one box at a time.]
=============================

[~] Issue:

Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password Storage
===========

[~] Author:

ace | ace () microsoft ph
===========

[~] Vulnerable:

Xitami Web Server (32-bit) 2.5b4 [http://www.imatix.com/]
===========

[~] Description:

Xitami is a multithreaded Web server. Though small and simple, Xitami is 
robust enough to handle high-volume intranets. 
Built from the ground up as a high-performance Web server engine, it pumps 
data onto the network at top speed. 
This means that it can serve large files quickly while handling many 
simultaneous hits.
===========

[~] Bug:

Xitami web server suffers from poor password storage syndrome [I know, I 
made the name up ;)].
===========

[~] Exploit:

Any local user can go to C:\Xitami, the default installation directory, 
and open the file "defaults.aut" that sits in the Xitami directory.
This file stores the administrator's username and password in plain text. 
Here is what the file looks like:

----------------------------
#  Created at installation time 
#
[/Admin]
    bob="lemonhead"
[Private]
    Jacky=robusta
----------------------------

As you can see, no encryption at all is used, so technically this bug is 
of "high severity".
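As an added example (not part of the advisory or of Xitami itself), the following Python script parses a file in the defaults.aut format shown above and reports which accounts have a plaintext password, masking the value so the audit output does not leak the secret again. The section names it treats as credential stores and the sample content are assumptions modelled on the excerpt above.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the defaults.aut excerpt in the advisory.
SAMPLE_AUT = """\
#  Created at installation time
#
[/Admin]
    bob="lemonhead"
[Private]
    Jacky=robusta
"""

# Sections assumed to hold user=password entries (taken from the excerpt).
CREDENTIAL_SECTIONS = {"/admin", "private"}

_SECTION_RE = re.compile(r"^\[(.+?)\]\s*$")
_KV_RE = re.compile(r"^([^=#;]+?)\s*=\s*(.*?)\s*$")


def parse_aut(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-style .aut format: [section] headers, key=value lines,
    optional double quotes around the value, and '#' comment lines."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
            continue
        m = _KV_RE.match(line)
        if m and current is not None:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # strip surrounding quotes
            sections[current][m.group(1).strip()] = value
    return sections


def find_plaintext_credentials(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, user, masked_password) for each credential stored in
    the clear; only the first character is kept so audit logs stay safe."""
    findings = []
    for section, entries in parse_aut(text).items():
        if section.lower() not in CREDENTIAL_SECTIONS:
            continue
        for user, password in entries.items():
            masked = password[:1] + "*" * (len(password) - 1)
            findings.append((section, user, masked))
    return findings


if __name__ == "__main__":
    for section, user, masked in find_plaintext_credentials(SAMPLE_AUT):
        print(f"[{section}] user {user!r} has a plaintext password ({masked})")
```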
===========

[~] Work Around:

Uninstall Xitami.
===========

[~] Vendor Status:
The vendor has been contacted; there is still no reply on this issue. This 
will be updated when a vendor response is received.

============================
Trippin Smurfs - http://www.t-smurfs.com/
============================

