|Microsoft FrontPage Extensions service.pwd file could reveal encrypted passwords (FrontpagePwdService)|
|Platforms:||IBM AIX, Wind River BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft FrontPage, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Microsoft Windows 2003 Server|
Microsoft FrontPage Extensions creates a file service.pwd file inside the _vti_pvt directory in the HTTP server's document root. This file contains encrypted passwords that could be remotely retrieved by an attacker and cracked offline. If the passwords in this file are weak enough, or enough time is spent cracking them, the attacker could potentially obtain the plaintext password and use it to access resources on the server.
Make sure passwords chosen for FrontPage accounts are strong enough to subvert cracking attempts if the hashes are obtained by an attacker. Also, the permissions on the _vti_pvt directory and the *.pwd files therein should be modified to disallow remote attackers from retrieving them. This work-around may or may not adversely affect the normal operation of the FrontPage server.
Microsoft TechNet Web page
Know Your Risks
Common Vulnerabilties & Exposures