Novell iChain Mini FTP Server Unlimited Login Attempt
Remote / Network Access
Loss of Integrity
Novell iChain MiniFTP Server contains a flaw that may allow a malicious user to make unlimited unsuccessful login attempts. The FTP server does not limit the number of unsuccessful login attempts, which makes brute-force attacks more effective.
Upgrade to version 2.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround:
1. Enable NCPIP access to the iChain server.
2. Map a drive to the iChain server using a Novell client.
3. Run ConsoleOne and highlight the ICS container in the ICS_TREE DNS tree.
4. Right click the mouse, and select "Properties" to open the Container Properties dialog box.
5. In the container "Properties" Dialog window that appears, click on the "GENERAL" tab and select "Intruder Detection."
6. The "Intruder Detection" Dialog screen should appear, and you can then select the appropriate options.
7. Configure all settings based on what best suits your needs, e.g. the number of login attempts before the account is locked.
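
The effect of an attempt limit like the one set in step 7 can be seen in a small model. This is an added example, not Novell's code or part of the original advisory: the class, parameter names and values are assumptions chosen for illustration, and the login events are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class IntruderPolicy:
    # Hypothetical parameter names and values, not iChain's own settings.
    max_attempts: int = 5         # failed logins allowed inside the window
    attempt_window_s: int = 1800  # failures older than this are forgotten
    lockout_s: int = 900          # how long the account stays locked
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, user, now):
        return now < self._locked_until.get(user, 0)

    def record_failure(self, user, now):
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self._failures.get(user, [])
                  if now - t < self.attempt_window_s]
        recent.append(now)
        if len(recent) >= self.max_attempts:
            self._locked_until[user] = now + self.lockout_s
            recent = []
        self._failures[user] = recent


def guesses_checked(events, policy=None):
    """Count failed logins that actually reached the password check."""
    checked = 0
    for now, user in events:
        if policy is not None and policy.is_locked(user, now):
            continue  # rejected without testing the password
        checked += 1
        if policy is not None:
            policy.record_failure(user, now)
    return checked


# Constructed sample: one failed login per second against "admin" for an hour.
SAMPLE = [(t, "admin") for t in range(3600)]

if __name__ == "__main__":
    print("no limit:   ", guesses_checked(SAMPLE))
    print("with policy:", guesses_checked(SAMPLE, IntruderPolicy()))
```

With these assumed values, the hour of constructed attempts yields 3600 tested passwords when no limit is applied and 20 when the policy is active. A shorter lockout or a higher threshold raises the second figure proportionally.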