Abyss Web Server Web management interface brute force
| abyss-web-admin-bruteforce (11310) |  Low Risk |
Description:
Abyss Web Server could allow a remote attacker to determine the username and password to the remote management interface running on port 9999. The remote management interface fails to provide a delay between unsuccessful login attempts and does not set a limit for the number of unsuccessful login attempts allowed. This could allow a remote attacker to use brute force techniques to determine a valid username and password and gain unauthorized access to the Web server's remote management interface.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- Aprelium Technologies Web site: Aprelium Technologies - Home.
- BugTraq Mailing List, Wed Feb 12 2003 - 12:03:49 CST : Abyss WebServer Brute Force Vulnerability .
- BID-6842: Abyss Web Server Administrative Interface Failed Login Recording Weakness
- CVE-2003-1363: The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
Platforms Affected:
- Aprelium Abyss Web Server 1.1.2 and prior
Reported:
Feb 09, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net