[Original text] The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.
Sambar Server provides insecure default protection for user passwords.
The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted.
Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, or to obtain confidential or security-sensitive information, which could lead to further compromises of the host.
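The contrast between reversible storage under a single built-in key and one-way salted hashing, as an added example that is not Sambar's code or algorithm. The key, the toy keystream cipher and all function names are constructed for illustration; the hardened variant uses PBKDF2-HMAC-SHA256 from the Python standard library as one possible one-way scheme.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a key compiled into a server binary (not Sambar's key).
EMBEDDED_KEY = b"constructed-demo-key"
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def _keystream(key: bytes, length: int) -> bytes:
    """Derive a keystream from the key alone (toy cipher, illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def weak_store(password: str) -> bytes:
    """Reversible storage: XOR with a keystream from the embedded key."""
    data = password.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(EMBEDDED_KEY, len(data))))


def weak_recover(stored: bytes) -> str:
    """Whoever holds the embedded key can invert every stored entry."""
    ks = _keystream(EMBEDDED_KEY, len(stored))
    return bytes(a ^ b for a, b in zip(stored, ks)).decode()


def strong_store(password: str) -> tuple:
    """One-way storage: per-user random salt plus a slow KDF; nothing to decrypt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def strong_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)
```

With the reversible scheme, two users with the same password also get identical stored values; the salted scheme gives each entry a different digest and offers no decryption routine to call.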