DESCRIPTION

"FTGate is a professional, award winning family of mail server applications that offer you exceptional performance, comprehensive features, ease of use and advanced security features in a cost effective package."

More information at http://www.floosietek.com.

SUMMARY

PRODUCT FTGate Pro
VENDOR Floosietek
AFFECTED VERSIONS FTGate Pro 1.2, build 1331
SEVERITY
IDENTIFIER N/A
TESTED PLATFORM Windows 2000, Windows XP Professional

IMPACT

Information Disclosure.

Username and Password exposures.

DETAILS

[Vulnerability #1] Information Disclosure

When executed, the script http://www.victim.com:8089/tools/ftgatedump.fts dumps the FTGate configuration into a file so that you can send it to the FTGate support team should you encounter any problem with the software. Unfortunately, access to the script itself is not restricted, so it can be executed at will by anyone with an Internet connection.

Various information about the FTGate server will be dumped to a file named ftgate_dump.txt, located in the x:\Program Files\FTGate\ directory. You cannot access the dump file directly and download it, but you can still view it with the help of the ftgatedump.fts script: simply set the script's command parameter to 1, for example http://www.victim.com:8089/tools/ftgatedump.fts?command=1.

[Vulnerability #2] FTGate Pro Username and Password exposures

The script exportmbx.fts does exactly what it says: it "exports the mailboxes for a domain to a text file". It has the same problem as the ftgatedump.fts script, namely the lack of any access control mechanism. An Internet user can export the mailboxes of any local domain into a file (CSV format) located in the FTGate program directory. It is important to check the "Export Password" option before exporting the mailbox.

The exportmbx.fts script does not offer a way to view the exported file as ftgatedump.fts does, but you can get around that by having exportmbx.fts export to a file named "ftgate_dump.txt" and then using the ftgatedump.fts script to view it. Alternatively, you can export it to the FTGate server's root directory and download it from there. There you have it folks!
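Both issues above come down to two scripts under /tools/ that accept requests from anyone, so the practical check on the defender's side is whether those paths have been requested from outside the administrative network, and whether ftgatedump.fts was called with command=1 (the read-back step that actually returns the dump over HTTP). The following Python script is an added example, not part of the original advisory and not FTGate's own code: it runs that check over a few constructed access-log lines. It assumes a standard NCSA-style access log in front of port 8089 (the FTGate log format itself is not described on the page), an assumed set of trusted administrator address prefixes, and a hypothetical /webmail/index.fts path as benign traffic.

```python
import re
from typing import Dict, List, Optional

# The two unauthenticated FTGate Pro scripts named in the advisory and the
# issue each one corresponds to.
WATCHED_SCRIPTS = {
    "/tools/ftgatedump.fts": "configuration dump (Vulnerability #1)",
    "/tools/exportmbx.fts": "mailbox/password export (Vulnerability #2)",
}

# Assumed address prefixes of the organisation's own administrators; requests
# from anywhere else to the scripts above are treated as external access.
TRUSTED_PREFIXES = ("10.0.0.", "192.168.1.")

# NCSA common/combined log line. Assumption: the server fronting port 8089
# writes this format; adjust the pattern for other log layouts.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Split one access-log line into fields; return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    path, _, query = entry["target"].partition("?")
    entry["path"] = path.lower()
    entry["query"] = query.lower()
    return entry


def classify(entry: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for a request to one of the watched scripts, else None."""
    reason = WATCHED_SCRIPTS.get(entry["path"])
    if reason is None:
        return None
    external = not entry["ip"].startswith(TRUSTED_PREFIXES)
    # command=1 on ftgatedump.fts reads the dump file back over HTTP; that is
    # the step that leaks data, so it is rated above a bare dump request.
    readback = entry["path"].endswith("ftgatedump.fts") and "command=1" in entry["query"]
    if external:
        leaks = readback or entry["path"].endswith("exportmbx.fts")
        severity = "critical" if leaks else "high"
    else:
        severity = "info"  # trusted admin host: record it, do not page anyone
    return {
        "ip": entry["ip"],
        "time": entry["ts"],
        "path": entry["path"],
        "query": entry["query"],
        "reason": reason + (" with file read-back" if readback else ""),
        "severity": severity,
    }


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run the classifier over a list of log lines and collect the findings."""
    findings = []
    for line in lines:
        entry = parse_log_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample log lines (not real traffic); 203.0.113.0/24 is a
# documentation address range standing in for an arbitrary Internet host.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2003:11:02:17 +0000] "GET /webmail/index.fts HTTP/1.1" 200 5123',
    '203.0.113.5 - - [10/Mar/2003:11:03:02 +0000] "GET /tools/ftgatedump.fts HTTP/1.1" 200 318',
    '203.0.113.5 - - [10/Mar/2003:11:03:09 +0000] "GET /tools/ftgatedump.fts?command=1 HTTP/1.1" 200 48211',
    '203.0.113.5 - - [10/Mar/2003:11:04:40 +0000] "GET /tools/exportmbx.fts HTTP/1.1" 200 402',
    '192.168.1.20 - - [10/Mar/2003:11:30:00 +0000] "GET /tools/ftgatedump.fts HTTP/1.1" 200 318',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['ip']:14} {f['path']}?{f['query']}  {f['reason']}")
```

On the sample input the script reports the external dump request as high, the command=1 read-back and the mailbox export as critical, and the request from the trusted 192.168.1.20 host as informational only. The same two paths are the ones to block at the perimeter or restrict to administrator addresses until the vendor's fixed build is installed.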

PROOF OF CONCEPT

[Vulnerability #1] Information Disclosure

Various information about the FTGate server will be dumped to a file named ftgate_dump.txt, located in the x:\Program Files\FTGate\ directory. You cannot access the dump file directly and download it, but you can still view it with the help of the ftgatedump.fts script: simply set the script's command parameter to 1, for example http://www.victim.com:8089/tools/ftgatedump.fts?command=1.

VENDOR STATUS

The vendor has verified the issues and released a patch that addresses them. You can download the patch/fixed version at http://www.floosietek.com/files/ftgate12.exe.

CREDIT

Phuong Nguyen

DISCLOSURE TIMELINE

N/A

APPENDIX

N/A

REFERENCES

N/A