lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200304291621.h3TGLOoK007055@mailout.syss.de>
Date: Tue, 29 Apr 2003 18:02:19 +0200
From: Kroma Pierre <kroma@...s.de>
To: bugtraq@...urityfocus.com
Subject: Auerswald COMsuite/ Back Door


------------------------------------------------------------------------
SySS-Advisory: Auerswald COMsuite/ Back Door

DATE: April 16th 03 (Published 29th April 03)

AUTHOR: Sebastian Schreiber <Schreiber@...S.de>
        SySS GmbH
        72070 Tübingen / Germany
        Tel.: +49-7071-407856-0

AFFECTED SYSTEMS:
   Auerswald COMsuite CTI ControlCenter 3,1,2001,6
   (also known as: 3.1 06/2001)
   (see: www.auerswald.de)

DESCRIPTION:
   If you install the CTI applicaton "Auerswald
   COMsuite CTI Control Center" a user "runasositron"
   is created. The user's password is known by SySS and
   very easy to guess (using L0phtCrack for example).

IMPACT: This account can be used locally and remotely to
        access the Windows PC on which COMsuite is installed.

WORKAROUND: Deactivate the user. CTI still works.

VENDOR STATUS: Auerswald has been contacted on April 15th 2003.
               Auerswald told me that deactivating the
               account might disable fax/voice mail if nobody
               is logged on.

Best regards,

Dipl.-Inform. Pierre Kroma 
Security Consultant 
======================================================== 

SySS GmbH
72070 Tübingen 
Germany 

Voice:  	++49 7071-407856-0 
mailto: 	Kroma@...s.de
Key fingerprint = 927A B13E 16F5 BBAB 8F17  75EB D8E1 A9A4 F257 4EEC



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ