OSVDB ID: 4407

Title: WatchGuard Firebox SOHO Insecure FTP Authentication

Info

Dates

Disclosure: Jul 01, 2002
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

WatchGuard Firebox SOHO contains a flaw that may allow a remote attacker to gain access to the FTP service. The issue is due to the FTP service not requiring a valid user name to log in. Because no matching account name is needed, an attacker only has to brute-force a valid password, which makes the attack easier. If compromised, the firewall configuration and other sensitive information could be downloaded.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
OSVDB: Security Software

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:

1) Log on to the firewall HTTP management service
2) Select "Firewall Options"
3) Make sure there is a tick next to the field "Do not allow FTP access to Trusted Network interface"

Products

WatchGuard Technologies, Inc.

Firebox SOHO

5.0.35a

References

Credit

  • Peter Gründl - peter.grundldefcom.com - Defcom Labs


Direct URL: http://osvdb.org/4407