iPlanet, Netscape Enterprise Servers at Risk

By Ryan Naraine (Send Email)
Posted Aug 2, 2002


A vulnerability has been detected in the Web Publisher feature in the iPlanet Enterprise Web Server and Netscape Enterprise Server products that exposes servers to brute force attacks.

In an alert issued Friday, the CERT Coordination Center warned that the vulnerabilities could allow attackers to make repeated authentication attempts if a server is configured to use HTTP basic authentication. To guard against brute force attacks, users must disable Web Publisher and Directory Indexing on external servers.

While the risk is not greater than any other brute force attack using HTTP basic authentication, this vulnerability may represent an unexpected avenue of attack, the Center warned.

The bug, which was detected by ProCheckup, affects the iPlanet Web Server, Enterprise Edition and Netscape Enterprise Server running on Windows NT-based operating systems.

The security outfit found the Web Publisher feature in those servers contains the wp-force-auth command that initiates an HTTP Basic Authentication dialog. "An attacker may make repeated calls to wp-force-auth in an attempt to guess valid user credentials. Well-known user credentials, such as Administrator or Guest on Windows systems, or root or nobody on Unix/Linux systems, may be subjected to brute-force attacks," it added.

While the exposure created by the bug is no greater than that of any other brute force attack, this vulnerability may represent an "unexpected avenue of attack," CERT warned.

Users of the vulnerable iPlanet server are urged to disable Web Publisher and Directory Indexing on external servers. Or, additionally, a Netscape Server Application Programming Interface (NSAPI) can be used to filter HTTP traffic to detect and block HTTP requests containing the ?wp-force-auth command.

It's not the first time bugs have been detected in Sun's iPlanet server product. Last month, Sun issued service packs to fix bugs in the search function of its iPlanet Web server.

The buffer overrun vulnerabilit ies, which detected by Next Generation Security Software (NGSS), affected versions 4.1 and 6.0 of iPlanet. That flaw allowed remote attackers to run arbitrary code if the search function within the Server is enabled. It was described as a high-risk bug.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.