<plugin_id>206</plugin_id>
<plugin_name>Novell Groupwise 6.0 Servlet Manager default password</plugin_name>
<plugin_family>Netware</plugin_family>
<plugin_created_date>2004/09/13</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>443</plugin_port>
<plugin_procedure_detection>open|sleep|send GET /servlet/ServletManager HTTP/1.1\nAuthorization: Basic c2VydmxldDptYW5hZ2Vy\n\n|sleep|clsose|pattern_exists ServletManager OR Servlet information</plugin_procedure_detection>
<plugin_detection_accuracy>98</plugin_detection_accuracy>
<plugin_comment>Check is inspired by the Nessus plugin (see Nessus ID listed in the sources).</plugin_comment>
<bug_published_name>Adam Gray</bug_published_name>
<bug_published_email>agray at novacoast dot com</bug_published_email>
<bug_published_web>http://www.novacoast.com</bug_published_web>
<bug_published_company>Novacoast, Inc.</bug_published_company>
<bug_published_date>2001/12/15</bug_published_date>
<bug_advisory>http://www.securityfocus.com/archive/1/245871</bug_advisory>
<bug_affected>Novell Groupwise 6.0</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Weak Authentication</bug_vulnerability_class>
<bug_description>The Novell Groupwise 6.0 servlet server is configured with the default password. As a result, users could be denied access to mail and other servlet based resources.</bug_description>
<bug_solution>Novell has published an advisory and workaround in TID 10067329. The server should be deactivated or de-installed if not necessary. To make it harder to find the server the daemon could be configured to listen at another port (e.g. 8081). Try to prevent unwanted connection attempts by filtering traffic with firewalling. Alternation of the application banner can confuse an attacker and let him determine the wrong software.</bug_solution>
<bug_fixing_time>Approx. 1 hour</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/3697/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>7</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>Medium</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check. A CGI scanner as like N-Stealth, Whisker or Nikto may be able to detect this flaw too.</bug_check_tool>
<source_cve>CAN-2001-1195</source_cve>
<source_securityfocus_bid>3697</source_securityfocus_bid>
<source_nessus_id>12122</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm</source_misc>