27th Nov 2000 [SBWID-2035]
COMMAND
	    24Link Webserver
SYSTEMS AFFECTED
	    24Link 1.06 Webserver
PROBLEM
	    'phriction' found the following.  A vulnerability was found in
	    24Link 1.06 Web Server for Windows 95/98/2000/NT machines.  The
	    vulnerability allows you to view any password-protected file on
	    the Web Server, provided that the "Authorization - Check User
	    Name and Password- On all Requests" option, which asks for a
	    user name/password on every request sent to the server, wasn't
	    chosen.  If specific files are password protected (by default
	    the access.txt log file is), the password prompt can be bypassed
	    by putting one of these before the filename in the request to
	    the server:
	
	        /+/
	        /./
	        /+./
	        /++/
	        /++./
	
	    or any of these with the ending slash repeated, two or more /'s
	    up to around 200, for example
	    http://24link.net/++//////protected.html
	    For example, 24Link password protects one file by default, the
	    log file, so on a 24Link server we would send the request
	    "GET /+/access.txt HTTP/1.0\r\n" or type
	    http://24linkserver.com/+/access.txt into a browser, and it
	    will return access.txt.  This works on any other specifically
	    password-protected file or directory.  Also, by default 24Link
	    1.06 allows directory listing, which can lead to many security
	    compromises.
SOLUTION
	    The vendor was contacted, but there is no response.  If you
	    have to keep sensitive information on the server, make sure you
	    uncheck "allow directory listings" under the options menu and
	    choose the "Authorization - Check User Name and Password- On
	    all Requests" option, or on 2000/NT set up file rights so those
	    files are not world-readable.
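
Added example (not part of the original advisory and not 24Link code): a log check that flags requests reaching a protected file through one of the listed prefixes or through repeated slashes. The log layout, the PROTECTED list and the idea that the server ignores those segments when resolving the file are assumptions made for illustration.

```python
import re

# Assumption: the request line is quoted as in Common Log Format; the advisory
# does not show the real layout of 24Link's access.txt.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')

# Exactly the five prefixes listed in the advisory: +  .  +.  ++  ++.
NOOP_SEGMENT_RE = re.compile(r"^(?:\+{1,2}\.?|\.)$")

# Constructed list of files the administrator has password protected.
PROTECTED = {"/access.txt", "/protected.html"}


def canonical(path):
    """Drop empty segments (repeated slashes) and the listed no-op segments."""
    path = path.split("?", 1)[0]
    kept = [s for s in path.split("/") if s and not NOOP_SEGMENT_RE.match(s)]
    return "/" + "/".join(kept)


def is_bypass(path):
    """True when a non-canonical path resolves to a protected file."""
    raw = path.split("?", 1)[0]
    canon = canonical(raw)
    # Windows file names are case-insensitive, so compare in lower case.
    return canon.lower() in PROTECTED and raw != canon


def scan(lines):
    """Return the request paths in the log that match the bypass pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_bypass(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Nov/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - admin [27/Nov/2000:10:00:05 +0000] "GET /access.txt HTTP/1.0" 200 2048',
    '192.0.2.77 - - [27/Nov/2000:10:01:00 +0000] "GET /+/access.txt HTTP/1.0" 200 2048',
    '192.0.2.77 - - [27/Nov/2000:10:01:09 +0000] "GET /++//////protected.html HTTP/1.0" 200 300',
    '192.0.2.77 - - [27/Nov/2000:10:01:20 +0000] "GET /docs/./readme.txt HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("possible password bypass:", hit)
```

The same canonical() step, applied before the password check instead of after the fact, is what keeps the access decision and the file lookup looking at the same path.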
	
