<<< Date Index >>>     <<< Thread Index >>>

[Information Disclosure] NetForce v4.02 Sends NIS Password Maps with passwords hashes over sendmail



Vendor: Procom Technology, Inc.
Product: NetFORCE 800, v 4.02 M10 (Build 20)
Other Versions Vulnerable: unknown, vendor?s website sucks so I can?t tell
Vulnerability type: Information disclosure
Severity: Medium

* Software Information
  --------------------
  Model          : NetFORCE 800
  Version        : 4.02 M10 (Build 20)
  Vendor         : Procom Technology, Inc.

Description:

NetFORCE?s operating system on the NAS includes the ability to send a 
diagnostic e-mail with a wealth of information to the technician to be able to 
diagnose problems without providing direct remote access.  This diagnostic 
email includes output from various programs, statistical reports, and several 
file attachments.

One of these file attachments (passwd.nis) includes the NIS password map of any 
domain it is bound to, happily sending the entire domains fscking password 
hashes in the clear across the Internet over sendmail.  This doesn?t impact you 
if you don?t use NIS as the other files that include user information ?blank? 
out the password information.

NetFORCE sold its intellectual property to Sun and Sun uses the same systems to 
base their NAS solution off of.  Because the NetFORCE website no longer has 
software versioning information, it is not possible to test on other versions 
or determine which versions are or are not vulnerable.