Ariel FTP Server Default 'document' Account

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server can be accessed with a known login and password
pair.

Description :

The remote host is an Ariel FTP server.

Ariel is a document transmission system mostly used in the academic
world.

It is possible to log into the remote FTP server by connecting as the
user 'document' (or 'ariel4') and with a hex-encoded password based on
the IP address of the host the user is connecting from.

An attacker could log into it and obtain the files from the print
queue or use the remote storage space for anything else.

See also :

http://www4.infotrieve.com/products_services/ariel.asp

Solution :

Filter incoming traffic to this port.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Family: FTP

Nessus Plugin ID: 22870 (ariel_default_account.nasl)

Bugtraq ID:

CVE ID: