> From: Andrew Daviel [mailto:[EMAIL PROTECTED]]
> /_vti_pvt/service.pwd
>
> _vti_pvt I presume is from NT.
The /_vti_pvt/ exploit is an attempt to grab the password file as stored by
Microsoft FrontPage (a file in the .htpasswd format). can
store the usernames and crypted passwords of readers and (more importantly)
authors. Certain versions of Windows-based Web servers could be tricked into
serving private files even though configured not to (because of the Windows
filesystem). UNIX-based servers are immune to the attack.
> Deniable unless digitally signed
> Andrew Daviel, TRIUMF, Canada
-Alan
