| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Dec 2011 11:24:47 +0100 From: RedTeam Pentesting GmbH <release@...team-pentesting.de> To: full-disclosure@...ts.grok.org.uk Subject: [RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes The Owl Intranet Engine uses no salting in the password hashing procedure. Furthermore, users in the "Administrators" group are able to see the MD5 password hashes of every user using the web interface. Details ======= Product: Owl Intranet Engine Affected Versions: 1.01, possibly all older versions Fixed Versions: none Vulnerability Type: Information Disclosure, Unsalted Password Hashes Security Risk: low Vendor URL: http://owl.anytimecomm.com Vendor Status: decided not to fix Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2011-006 Advisory Status: published CVE: GENERIC-MAP-NOMATCH CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=GENERIC-MAP-NOMATCH Introduction ============ "Owl is a multi user document repository (knowledge base) system written in PHP for publishing files/documents onto the web for a corporation, small business, group of people, or just for yourself." (From the vendor's homepage) More Details ============ The administrative interface of the Owl Intranet Engine allows users in the "Administrators" group to edit user accounts over the "Users&Groups" tab. If a user is selected for editing, all account information is shown. In this overview, the password field is filled with the MD5 hash value of the old user password, as can be seen in the HTML sources. This allows users with administrative access to the Owl Intranet Engine to see the password hashes of every user. Furthermore, no salting is used when the password hashes are generated, allowing a rainbow tables attack against user passwords. Fix === None. Security Risk ============= This vulnerability allows administrative users to collect the MD5 password hashes of every user of the affected Owl Intranet Engine system through the administrative interface. Because no salting is employed, a rainbow tables attack can be run against the collected password hashes and the password values can possibly be recovered in a short time. The risk potential is however deemed to be low, as users with administrative access to the OWL Intranet Engine already have extensive access rights. History ======= 2011-05-29 Vulnerability identified 2011-07-26 Customer approved disclosure to vendor 2011-10-31 Vendor notified 2011-11-30 Vendor releases new version that does not fix the issue 2011-12-15 Advisory released RedTeam Pentesting GmbH ======================= RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at http://www.redteam-pentesting.de. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists