NASA FTP vulnerable to anonymous login

Disclosed by
F4B1O
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

Meant to serve as the open/public

Summary by F4B1O

Overview of the Vulnerability

Sensitive data can be exposed by web servers that list the contents of directories that have no index page, increasing the exposure of files that are not meant to be accessed. Within this application, confidential data was exposed through an enabled directory listing. This allows an attacker to quickly identify resources in a specific path, or to access data stored in the directory simply by browsing the listing.

Data exposure can result in reputational damage to the business by eroding customer trust. The severity of the business impact depends on the sensitivity of the data exposed in the directory listing.

Hello, NASA Team,

Recently, while conducting research on one of your subdomains, I discovered an exposed FTP subdomain vulnerable to the default login and password "anonymous". Using a program called FileZilla, it was very easy to access and navigate within the server.

URL: https://cdaweb.gsfc.nasa.gov
Host: 169.154.154.63

Proof of Concept (PoC)

First, I used the command "nmap -sV -sC -Pn -A 169.154.154.63".

After the scan, I was able to list what was on the server. I tried to access it using the login and password "anonymous" but was unsuccessful. Then, using the FileZilla tool, I was able to log in, list, and transfer documents to my machine.

I have sent some images; please check them if possible.

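A defender-side check that follows from this report, added here as an example and not part of the original disclosure: it audits a vsftpd configuration for the settings that permit anonymous login or anonymous writes. It assumes the FTP service is vsftpd (the report does not name the daemon); the two sample configurations are constructed.

```python
"""Audit a vsftpd.conf body for anonymous-access settings.

Added example, not from the report. Assumes vsftpd, whose real configuration
keys include anonymous_enable, anon_upload_enable, anon_mkdir_write_enable
and anon_other_write_enable. The sample configs below are constructed.
"""
import re

# Keys that widen anonymous exposure when set to YES, with a plain-language reason.
RISKY_YES = {
    "anonymous_enable": "anonymous FTP login is allowed",
    "anon_upload_enable": "anonymous users may upload files",
    "anon_mkdir_write_enable": "anonymous users may create directories",
    "anon_other_write_enable": "anonymous users may delete or rename files",
}

_SETTING = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

def parse_vsftpd_conf(text):
    """Return {key: value} from a vsftpd.conf body, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # vsftpd treats lines beginning with '#' as comments
        match = _SETTING.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def audit_vsftpd_conf(text):
    """Return a list of (key, reason) findings for risky anonymous settings.

    vsftpd's documented default for anonymous_enable is YES, so a config that
    omits the key is reported as well: silence is not the safe setting here.
    """
    settings = parse_vsftpd_conf(text)
    findings = []
    if "anonymous_enable" not in settings:
        findings.append(("anonymous_enable", "key absent; vsftpd default is YES"))
    for key, reason in RISKY_YES.items():
        if settings.get(key, "").upper() == "YES":
            findings.append((key, reason))
    return findings

# Constructed sample: the weak state described in the report (anonymous reads).
WEAK_CONF = "listen=YES\nanonymous_enable=YES\nlocal_enable=NO\nwrite_enable=NO\n"
# Constructed sample: anonymous access switched off.
HARDENED_CONF = "listen=YES\nanonymous_enable=NO\nlocal_enable=YES\nwrite_enable=NO\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_vsftpd_conf(conf) or "no findings")
```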
