GEN:SID 1:807
Message WEB-CGI /wwwboard/passwd.txt access
Summary This event is generated when an attempt is made to download the wwwboard password file
Impact Information disclosure.
An attacker could crack the encrypted password and gain access to the wwwboard
administrator account
Detailed Information Releases of WWWBoard (Matt Wright's CGI webboard application) before
version 2.0 Alpha 2.1 place the encrypted password for the web
application's administrator in a file called "passwd.txt" accessible
from the web root.
Affected Systems  
Attack Scenarios Attacker downloads the passwd.txt file and then launches a password
cracker to brute force the password (the password is encypted via
crypt(3), and password crackers for this format are ubiquitous).  If
the password is successfully cracked (due to weak passwords or
significant cracking resources), the attacker will have administrative
access to the wwwboard web application.
Ease of Attack Simple. Exploit software is not required.
Corrective Action Inspect packet to insure that it was an attempt to download the
password file and not just a webpage discussing WWWBoard.
Insure that local installations of WWWBoard are current and properly
configured to not save the password file into a publically-accessible
area.
Additional References CVE:  CVE-1999-0953
Bugtraq:  BID 649
Arachnids:  463
Rule References arachnids: 463
bugtraq: 649
cve: 1999-0953
cve: 1999-0954
nessus: 10321