FMForums.com

OH CRA* FileMaker Server HACKED or.....

Featured Replies

hi Guys!

Here is another VERY concerning piece of security news:

http://www.securityspace.com/smysecure/catid.html?id=11586

Category: Remote file access

Title: FileMakerPro Detection

Summary: connects to port 49727 and says 'hello'

CVE: Not Available

Bugtraq ID: 7315

Description:

The remote host is running a FileMakerPro server on this port.

There is a flaw in the design of the FileMakerPro server which

makes the database authentication occur on the client side.

An attacker may exploit this flaw to gain access to your databases

without knowing their password, only by connecting to this port

with a rogue client.

Solution : Do not store any sensitive data in your FileMakerPro database.

Risk Factor : High

Copyright: This script is © 2003 Renaud Deraison

-----------------------------------

Vulnerable:

FileMaker FileMaker Pro 5.0
  - Apple MacOS 8.0
  - Apple MacOS 8.1
  - Apple MacOS 8.5
  - Apple MacOS 8.6
  - Apple MacOS 9.0
  - Microsoft Windows NT 4.0
FileMaker FileMaker Pro 5.5 Unlimited
FileMaker FileMaker Pro 5.5
FileMaker FileMaker Pro 6.0 Unlimited
FileMaker FileMaker Pro 6.0
FileMaker FileMaker Server 5.0
FileMaker FileMaker Server 5.5

----------------------------------

solution ANYONE?

that's what firewalls and vpn connections are made for ...

Rule # 1. do not put any sensitive data anywhere near the web - there is no such thing as a 100% secure web solution.

  • Author

that's what firewalls and vpn connections are made for ...

I know...but still not good news...VPNs are nice but not always possible - 1/2 static, 1/2 DHCP on the IPS side :

100% well, in some sense everything is over the "wire", however you want to define it

we will see what FM support says...that they didn't even know about it is what really scares me, not the fact that I have to deal with it

The report seems a bit odd to me.

Re: There is a flaw in the design of the FileMakerPro server which

makes the database authentication occur on the client side.

Authentication does not occur on the client-side for WebCompanion.

It may be referring to a Server running as a service on a particular platform. Maybe they are saying that you can become localhost through that port and then access the database.

Also, why would you leave port 49727 open?

All the best.

Garry

the flaw affects FileMaker's ability to connect to remote databases (peer-to-peer or FileMaker Server), not Web Companion. so unless you turn multi-user access on, you should be fine ...

How can you connect to port 49727 with a "rogue client"?

What is rogue client?

The whole report talks in strange language.

Anyway, does it affect port 5003? If not, what is the fuss about? Every sensible network has a firewall.

  • Author

Hi People!

I am sorry I don't have more info...I am waiting for FM techs to see what they have to say about it. As far as the port # is concerned...well, even if you are running just port 80 it still (in my mind) is an issue. I can't speak for Mac servers, but I know that Win based systems will "talk" through port 80, and IF not specified on the firewall, other ports can become open...e.g. Kazaa...runs on 1412 (or 1214) but establishes the connection using port 80 ... if 1412 is blocked by the firewall another "high-number port" is assigned automatically.

Anyway, didn't mean to scare people, just was wondering if anyone else has heard of this issue...FM support obviously didn't.

  • Author

unless = yes

I do have multi-user since LAN people do most of the DB updates...remote users run off WebCompadre (#80, not #5003, due to speed issues)...sooooo

sooo block the port on the outside interface, but leave it open for your internal IPs ... - provided your server has 2 NICs and an internal firewall ... or if the server is running in a DMZ, i.e. a firewall is forwarding requests on port 80 to your internal FileMaker server, simply block any other ports originating from your inside FileMaker Server and outside 49727.

Anyway, I could not connect to port 49727 on my machine running FMP 6 with Multi-User and Web Companion on ...

5003 and 80 worked ...
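A small self-check in the spirit of the test cjaeger describes above (try the three ports named in this thread from a given interface and see which ones answer), added here as an example and not part of the original thread or of any FileMaker tool. It assumes the host name `db.example.internal` and the allow-lists are constructed placeholders: on the outside interface only port 80 (Web Companion) is expected, while internal clients may also reach 5003. Anything else that answers is reported as unexpected exposure so you can confirm the firewall rules from the earlier post actually took effect.

```python
"""Probe the FileMaker-related TCP ports discussed in this thread and flag
any that answer but are not on the allow-list for the interface you test from."""
import socket
from typing import Callable, Dict, Iterable, List, Set

# Ports named in the thread: 5003 (FileMaker networking), 80 (Web Companion)
# and 49727 (the port flagged by the quoted advisory).
FM_PORTS: Dict[int, str] = {
    5003: "FileMaker Pro / Server networking",
    80: "Web Companion (HTTP)",
    49727: "port flagged by the advisory",
}

# Constructed policy: what each interface is allowed to expose.
OUTSIDE_ALLOWED: Set[int] = {80}          # only the web front end
INSIDE_ALLOWED: Set[int] = {80, 5003}     # LAN users also need 5003


def tcp_connects(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_ports(host: str, ports: Iterable[int],
                connect: Callable[[str, int], bool] = tcp_connects) -> Dict[int, bool]:
    """Map each port to whether it answered. `connect` is injectable so the
    logic can be exercised without a live host."""
    return {port: connect(host, port) for port in ports}


def assess_exposure(results: Dict[int, bool], allowed: Set[int]) -> Dict[int, str]:
    """Classify each probed port as closed, allowed, or UNEXPECTED
    (reachable but not on the allow-list for this interface)."""
    report: Dict[int, str] = {}
    for port, reachable in results.items():
        if not reachable:
            report[port] = "closed"
        elif port in allowed:
            report[port] = "allowed"
        else:
            report[port] = "UNEXPECTED"
    return report


def exposed_ports(report: Dict[int, str]) -> List[int]:
    """Sorted list of ports that answered but should not have on this interface."""
    return sorted(port for port, status in report.items() if status == "UNEXPECTED")


if __name__ == "__main__":
    # Run this from the outside of the firewall against your server's public
    # address to verify the rules; 'db.example.internal' is a placeholder.
    host = "db.example.internal"
    results = probe_ports(host, FM_PORTS)
    report = assess_exposure(results, OUTSIDE_ALLOWED)
    for port, status in sorted(report.items()):
        print(f"{host}:{port:<6} {FM_PORTS[port]:<38} {status}")
    if exposed_ports(report):
        print("Unexpected exposure on:", exposed_ports(report))
```

Run it once from outside the firewall with `OUTSIDE_ALLOWED` and once from the LAN with `INSIDE_ALLOWED`; a clean result is "allowed" or "closed" on every line. The injectable `connect` parameter exists so the classification can be checked against constructed results rather than a live server.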

  • Author

thanx cjaeger...that is good to know

I am not worried about the "network setup" but (see post above) more about the potential "port switching through #80" of this issue. As I said, the report I got was so vague that it made me a bit worried (not just for FM but other nodes) and on top of it all....FM reps responded to this issue with a "HA!?...what port?"

I would rather be safe than sorry ...anyway I just thought to share this info even if it turns out to be harmless
