PWD's (other) Vulnerability in FrontPage Server Extensions SYSTEMS AFFECTED Systems (NT/Unix) running Microsoft FrontPage Server Extensions. PROBLEM The well publicized misconfiguration of FrontPage Password files has lead to many people finally fixing their systems. However, some systems are not fully protected. It seems that most System Administrators may search their system for Service.pwd files and then repair the permissions on these files to prevent possibly system intrusion. Other PWD files are now known to still be misconfigured and allow possibly intruders to extract the password file and crack the DES encryption. IMPACT The extraction and cracking of these password files could lead to your website being compromised. If the same password is also used as your system login, then your your network could possibly be at risk as well. EXPLOIT Some of the new PWD files to look for are: Administrator.pwd Administrators.pwd Authors.pwd Users.pwdthese files. To find and extract these files, several methods could be used: Use a browser to directly goto the following URL: http://www.victim.com/_vti_pvt/(filename).pwd Variants of the URL could also include Sub web names or User names. Using common search engines could also locate these files. FTP Search Engines are very effective for pinpointing the existance of these files. SOLUTION Place the proper security permissions on ALL pwd files on your server. The contents of this advisory are Copyright (c) 1998 the Rhino9 security research team, this document may be distributed freely, as long as proper credit is given.