![$site['alt']](/img/irfan-toor-32-dark.jpeg)
Irfan TOOR Sambar Server 4.x/5.0 - Insecure Default Password Protection
Author: 3APA3A type: remote platform: multiple port: date_added: 2001-07-25 date_updated: 2012-09-10 verified: 1 codes: CVE-2001-1106;OSVDB-5468 tags: aliases: screenshot_url: application_url: raw file: 21027.txt
source: https://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted. Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21027.zip