VULHUB ™

Netscape Enterprise Server is a web server used to host larger-scale websites. A Web Publishing feature is installed by default. The Enterprise Server runs on Microsoft and most Unix and Linux platforms. An issue exists in Netscape Enterprise Server, which could allow an unauthorized user to brute force the password of user accounts when Web Publishing is enabled. Submitting a request containing 'wp-force-auth' will invoke a HTTP Basic Authentication dialog, from there users can use brute force techniques to potentially gain knowledge of the password, associated with known usernames (ie: guest, administrator, nobody etc.). It should be noted that iPlanet Web Server Enterprise Edition is also vulnerable to this issue.

Netscape Enterprise Server is a web server used to host larger-scale websites. A Web Publishing feature is installed by default. The Enterprise Server runs on Microsoft and most Unix and Linux platforms. An issue exists in Netscape Enterprise Server, which could allow an unauthorized user to brute force the password of user accounts when Web Publishing is enabled. Submitting a request containing 'wp-force-auth' will invoke a HTTP Basic Authentication dialog, from there users can use brute force techniques to potentially gain knowledge of the password, associated with known usernames (ie: guest, administrator, nobody etc.). It should be noted that iPlanet Web Server Enterprise Edition is also vulnerable to this issue.