Microsoft FrontPage Extensions service.pwd file could reveal encrypted passwords (FrontpagePwdService)

Vuln ID: 3391
Risk Level: Low risk vulnerability  Low FrontpagePwdService
Platforms: IBM AIX, Wind River BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft FrontPage, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Microsoft Windows 2003 Server
Description:

Microsoft FrontPage Extensions creates a file service.pwd file inside the _vti_pvt directory in the HTTP server's document root. This file contains encrypted passwords that could be remotely retrieved by an attacker and cracked offline. If the passwords in this file are weak enough, or enough time is spent cracking them, the attacker could potentially obtain the plaintext password and use it to access resources on the server.

Remedy:

Make sure passwords chosen for FrontPage accounts are strong enough to subvert cracking attempts if the hashes are obtained by an attacker. Also, the permissions on the _vti_pvt directory and the *.pwd files therein should be modified to disallow remote attackers from retrieving them. This work-around may or may not adversely affect the normal operation of the FrontPage server.

False Positives:
False Negatives:
Required Permission:
Additional Information:

References:

Microsoft TechNet Web page
List of Special Files and Directories Maintained by FrontPage
http://www.microsoft.com/technet/archive/office/office97/reskit/fp98serk/A_SPFILE.mspx

ISS X-Force
Microsoft FrontPage Extensions service.pwd file could reveal encrypted passwords
http://www.iss.net/security_center/static/3391.php


X-Force Logo
Know Your Risks
Mitre.org CVE Logo
Common Vulnerabilties & Exposures