[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : ProFTPD mod_sqlpw module password caching bug

Title: ProFTPD mod_sqlpw module password caching bug
Released by: Joe Miller
Date: 12th December 2000
Printable version: Click here
        The mod_sqlpw module for ProFTPD caches the user id and password

information returned from the mysql database when attempting to verify a

password.  When the "user" command is used to switch to another account,

the cached password is not cleard, and the password entered is checked

against the cached password.  If a user knows the password for a valid

account on a ProFTPD system using mod_sqlpw, they may log into any other

account in the database by doing the following:

1. FTP to the host running ProFTPD/mod_sqlpw.

2. At the login prompt, enter the user id of the known account "bob".

3. When prompted for a password, enter an invalid password for the

account "bob".  Authentication will fail.

4. Type "user alice", where "alice" is another account in the user


5. When prompted for a password, enter the correct password for "bob".

At this point, the user "bob" is logged in as the user "alice" without

knowing alice's password.

Joe Miller

(C) 1999-2000 All rights reserved.