~ftp/etc/passwd Vulnerability


Summary

An anonymous FTP password file that contains encrypted password fields can be used in a password cracking program to find user passwords.

An anonymous FTP password file that has a high number of user uids can provide system crackers with information that can be useful in attacking a system.

Impact

Unauthorized user access to system.

Background

The password file used in an anonymous FTP area is used by the ls(1) program to show usernames and group names associated with files. FTP administrators sometimes copy the real system passwd file for use in the FTP area.

The problem

If the system does not have a shadow password system and the administrator just copies the /etc/passwd file, then the encrypted passwords and all the usernames are available to the world. There are widely available programs that attempt to crack passwords using a dictionary attack method. System crackers can also use the information in the GECOS field of the passwd file to make educated guesses at the users' passwords. The GECOS field can contain information about the user such as office location, phone numbers, and the user's full name.
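
An administrator can check an FTP-area passwd file for the exposures described above. The following is an added example, not part of the original advisory; the function name, the placeholder set, the entry-count threshold and the sample data are assumptions constructed for illustration.

```python
# Added example: audit the contents of an anonymous-FTP passwd file
# (e.g. read from ~ftp/etc/passwd) for exposed hashes and GECOS data.

# Assumption: values commonly used in place of a real hash.
PLACEHOLDERS = {"", "*", "x", "!", "!!", "*LK*", "NP"}

# Constructed sample data; the hash-like string is made up.
SAMPLE = """\
root:*:0:0:::
ftp:*:14:50:::
jdoe:ab1cDeFgHiJkL:1001:100:Jane Doe,Room 12,555-0100:/home/jdoe:/bin/sh
asmith:x:1002:100:Alan Smith:/home/asmith:/bin/sh
"""


def audit_ftp_passwd(text, max_entries=5):
    """Return (lineno, username, issue) findings for passwd-format text."""
    findings = []
    entries = 0
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        entries += 1
        user, pw, _uid, _gid, gecos, _home, _shell = fields
        # Anything that is not a known placeholder is treated as a hash.
        if pw not in PLACEHOLDERS:
            findings.append((lineno, user, "password hash exposed"))
        # A GECOS field of only commas/spaces carries no user details.
        if gecos.strip(", "):
            findings.append((lineno, user, "GECOS data exposed"))
    # Assumption: more than max_entries suggests a copy of the system file.
    if entries > max_entries:
        findings.append((0, "-", f"{entries} entries exceeds limit of {max_entries}"))
    return findings


if __name__ == "__main__":
    for lineno, user, issue in audit_ftp_passwd(SAMPLE):
        print(f"line {lineno}: {user}: {issue}")
```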

Fix

See Also