Reported January 9, 2001, by Chris Wysopal.
Netscape Enterprise Server 4.0 Service Pack 2 up to 4.1 Service Pack 8 for Windows 2000 and Windows NT
A vulnerability in Netscape Enterprise Server’s Web Publishing feature lets an attacker use brute force to access user names and passwords that the system has stored. By using the Web Publishing command “?wp-force-auth” in conjunction with an HTTP GET request carrying an Authorization: Basic header with Base64-encoded usernames/passwords, an intruder can obtain a valid username/password combination from the directory.
The vendor, iPlanet, acknowledges this vulnerability and has released a knowledge base article on this issue. iPlanet further recommends that affected users disable the Web Publishing and Directory Indexing features on externally accessible systems and add the ?wp-force-auth command to Intrusion Detection System (IDS) patterns.
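The following is an added example, not code from the advisory or from iPlanet: a Python access-log check built around the recommended ?wp-force-auth pattern. It assumes Common Log Format logs, a threshold of three 401 responses per client, and that a 2xx response after repeated failures may indicate a successful guess; the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD uri PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')
MARKER = "wp-force-auth"  # Web Publishing command named in the advisory
THRESHOLD = 3             # assumed number of 401s per client before alerting

def find_bruteforce(lines, threshold=THRESHOLD):
    """Return {client: {"failures": n, "success_after": bool}} for clients
    with at least `threshold` 401 responses to ?wp-force-auth requests."""
    failures, succeeded = Counter(), set()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        host, uri, status = m.groups()
        # Normalise percent-encoding and case so encoded variants still match
        # (conservative assumption about how the server parses the query).
        query = unquote(uri.partition("?")[2]).lower()
        if MARKER not in query:
            continue
        if status == "401":
            failures[host] += 1
        elif status.startswith("2") and failures[host] >= threshold:
            # Assumption: 2xx after repeated 401s suggests a valid credential.
            succeeded.add(host)
    return {h: {"failures": n, "success_after": h in succeeded}
            for h, n in failures.items() if n >= threshold}

# Constructed sample log lines using documentation address ranges.
SAMPLE = [
    '203.0.113.7 - - [09/Jan/2001:10:00:01 +0000] "GET /?wp-force-auth HTTP/1.0" 401 223',
    '203.0.113.7 - - [09/Jan/2001:10:00:02 +0000] "GET /?wp-force-auth HTTP/1.0" 401 223',
    '203.0.113.7 - - [09/Jan/2001:10:00:03 +0000] "GET /?wp%2Dforce%2Dauth HTTP/1.0" 401 223',
    '203.0.113.7 - - [09/Jan/2001:10:00:04 +0000] "GET /?wp-force-auth HTTP/1.0" 200 1532',
    '198.51.100.4 - - [09/Jan/2001:10:05:00 +0000] "GET /docs/?wp-force-auth HTTP/1.0" 401 223',
    '192.0.2.10 - - [09/Jan/2001:10:06:00 +0000] "GET /index.html HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for client, info in find_bruteforce(SAMPLE).items():
        print(client, info)
```

A client flagged with `success_after` set is a candidate for credential reset and session review, not only blocking.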
Discovered by Richard Brain.