Advisories : ProFTPD mod_sqlpw module password caching bug

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : ProFTPD mod_sqlpw module password caching bug

Title:	ProFTPD mod_sqlpw module password caching bug
Released by:	Joe Miller
Date:	12th December 2000
Printable version:	Click here

        The mod_sqlpw module for ProFTPD caches the user id and password

information returned from the mysql database when attempting to verify a

password.  When the "user" command is used to switch to another account,

the cached password is not cleard, and the password entered is checked

against the cached password.  If a user knows the password for a valid

account on a ProFTPD system using mod_sqlpw, they may log into any other

account in the database by doing the following:



1. FTP to the host running ProFTPD/mod_sqlpw.

2. At the login prompt, enter the user id of the known account "bob".

3. When prompted for a password, enter an invalid password for the

account "bob".  Authentication will fail.

4. Type "user alice", where "alice" is another account in the user

database.

5. When prompted for a password, enter the correct password for "bob".



At this point, the user "bob" is logged in as the user "alice" without

knowing alice's password.



Joe Miller