iPlanet, Netscape Enterprise Servers at Risk

by Ryan Naraine

To guard against brute force attacks, users must disable Web Publisher and Directory Indexing on external servers.

A vulnerability has been detected in the Web Publisher feature in the iPlanet Enterprise Web Server and Netscape Enterprise Server products that exposes servers to brute force attacks.

In an alertissued Friday, the CERT Coordination Center warned that the vulnerabilities could allow attackers to make repeated authentication attempts if a server is configured to use HTTP basic authentication.

While the risk is not greater than any other brute force attack using HTTP basic authentication, this vulnerability may represent an unexpected avenue of attack, the Center warned.

The bug, which was detected by ProCheckup, affects the iPlanet Web Server, Enterprise Edition and Netscape Enterprise Server running on Windows NT-based operating systems.

The security outfit found the Web Publisher feature in those servers contains the wp-force-auth command that initiates an HTTP Basic Authentication dialog. "An attacker may make repeated calls to wp-force-auth in an attempt to guess valid user credentials. Well-known user credentials, such as Administrator or Guest on Windows systems, or root or nobody on Unix/Linux systems, may be subjected to brute-force attacks," it added.

While the exposure created by the bug is no greater than that of any other brute force attack, this vulnerability may represent an "unexpected avenue of attack," CERT warned.

Users of the vulnerable iPlanet server are urged to disable Web Publisher and Directory Indexing on external servers. Or, additionally, a Netscape Server Application Programming Interface (NSAPI) can be used to filter HTTP traffic to detect and block HTTP requests containing the ?wp-force-auth command.

It's not the first time bugs have been detected in Sun's iPlanet server product. Last month, Sun issued service packs to fix bugs in the search function of its iPlanet Web server.

The buffer overrun vulnerabilit ies, which detected by Next Generation Security Software (NGSS), affected versions 4.1 and 6.0 of iPlanet. That flaw allowed remote attackers to run arbitrary code if the search function within the Server is enabled. It was described as a high-risk bug.

This article was originally published on Friday Aug 2nd 2002
Mobile Site | Full Site