Date: Thu, 20 Mar 2003 14:21:24 -0000
From: "Advisories" <advisories@...plc.com>
To: <bugtraq@...urityfocus.com>
Subject: Safeboot PC Security User Enumeration Vulnerability


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-	

	IRM Security Advisory No. 003	
	Safeboot PC Security User Enumeration Vulnerability	
	Vulnerability Type / Importance: User Enumeration / Medium	
	Problem discovered: Fri, 31 Jan 2003 	
	Vendor contacted: Mon, 3 Feb 2003	
	Advisory published: March 20th 2003

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Abstract:

	Safeboot PC Security allows the discovery (by trial and error)
of valid user account names, because its error messages distinguish 
between bad login names and bad passwords. 

Description:

	Safeboot (www.safeboot.com) is a software product to prevent 
access to a PC's hard disk drive. This protection takes two forms: 
1) Pre-Boot user authentication, 2) Hard Disk Encryption. It is with 
the former that IRM identified a vulnerability.

	Whilst Safeboot supports a number of hardware-based tokens to
provide user authentication, without these it relies on Username and 
Password Authentication.
	
	When a user has entered a bad username or password, Safeboot 
will produce an error, specifically stating which of the credentials 
(username or password) is incorrect. By leaving the password blank, or 
entering an arbitrary value, an attacker could use trial and error to 
establish valid usernames for this or other related systems, before 
proceeding to attempt discovery of the associated password.

Tested Versions:

	Safeboot 4.1 (current version)        	
(The authors were not able to obtain any previous versions, but
 understand these would be equally affected)

Tested Operating Systems:

	Windows XP SP1

Vendor & Patch Information:

       The vendor of this product, Control Break International, 
was contacted. They were receptive to our report and produced 
a statement reproduced here:

"Control Break International is aware of IRM's findings. We have not 
considered enumeration of the user list sensitive information up to 
now, as real-world user ID's are often trivial combinations of first 
name, last name, and initials, and are usually easily guessable 
through social engineering. With the popularity of directory systems 
such as AD and Novell, user id's are increasingly similar to e-mail 
addresses, yielding them even simpler to determine. We are however 
sensitive to customer concerns, so for those who would like to 
redefine the error messages reported for incorrect user id and 
password information, we can make available replacement error message 
files accordingly".

       These error message files are not available for public download, 
but users of Safeboot can obtain them by contacting Control Break via
their website.


Workarounds:

	See Vendor and Patch Information.

Credits:	

Initial vulnerability discovery: 	Chris Crute 


Disclaimer:

	All information in this advisory is provided on an 'as is' basis
in the hope that it will be useful. Information Risk Management Plc is 
not responsible for any risks or occurrences caused by the application 
of this information.

A copy of this advisory may be found at http://www.irmplc.com/advisories

The PGP key used to sign IRM advisories can be obtained from the above 
URL, or from keyserver.net and its mirrors.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Information Risk Management Plc.	http://www.irmplc.com
22 Buckingham Gate			advisories@...plc.com
London					info@...plc.com
SW1E 6LB				+44 (0)207 808 6420
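
The credential-specific errors described in the advisory, beside a login check that gives one message and does the same hashing work for every failure. This is an added example, not part of the advisory and not Safeboot code; the user store, function names and message strings are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _make_record(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample user store (illustrative account and password only).
USERS = {"jsmith": _make_record("correct horse")}
# Dummy record: unknown usernames cost the same hashing work as known ones.
_DUMMY_SALT, _DUMMY_HASH = _make_record(os.urandom(16).hex())

GENERIC_ERROR = "Invalid username or password"  # assumed wording

def login_verbose(username: str, password: str):
    """Behaviour the advisory describes: the error names the wrong field."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown username"
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Incorrect password"
    return True, "OK"

def login_uniform(username: str, password: str):
    """Hardened form: one message and one code path for every failure."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if username in USERS and matches:
        return True, "OK"
    return False, GENERIC_ERROR

def leaks_account_existence(login, known_user: str, unknown_user: str) -> bool:
    """Regression check: do failure messages differ for real and fake accounts?"""
    return login(known_user, "")[1] != login(unknown_user, "")[1]

if __name__ == "__main__":
    print("verbose leaks:", leaks_account_existence(login_verbose, "jsmith", "nobody"))
    print("uniform leaks:", leaks_account_existence(login_uniform, "jsmith", "nobody"))
```

A check like leaks_account_existence can run in a test suite so that a later change to the error strings does not reintroduce the distinction.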


