lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <41E5465E.4030909@artegence.com>
Date: Wed, 12 Jan 2005 16:46:38 +0100
From: Maciej Bogucki <maciej.bogucki@...egence.com>
To: bugtraq@...urityfocus.com
Subject: Arkeia Possible remote root & information leakage


During testing of Arkeia, a few security holes have been discovered.

Vulnerable System: Arkeia 4.2.x, 5.2.x and 5.3.x

Details:

1. Writable directory

$ ls -ld /opt/arkeia/server/dbase/
drwxrwxrwx  10 root root 4096 gru 27 13:40 /opt/arkeia/server/dbase/

2. By default, the "root" account password is set to null (empty)

$ cat  /opt/arkeia/server/dbase/f3sec/usr.lst
ITEM    {
         "NODE"  "*"
         "PASSWORD"      ""
         "ROLE"  "ADMINISTRATOR"
         "NAME"  "root"
}

3. Password file readable by any user

$ ls -l  /opt/arkeia/server/dbase/f3sec/usr.lst
-rw-r--r--  1 root root 117 gru 27 13:59 /opt/arkeia/server/dbase/f3sec/usr.lst

4. The password is hashed with the crypt() function using a constant salt
    (the characters "n3"); passwords are limited to 8 characters
    See: http://seclists.org/lists/bugtraq/2001/Aug/0237.html
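Items 1 to 4 can be checked mechanically. The following audit script is an added example, not part of the advisory or of Arkeia; it parses the ITEM format of usr.lst quoted above, flags empty passwords and 13-character traditional crypt hashes carrying the constant "n3" salt, and checks st_mode bits for the world-writable dbase/ directory and world-readable usr.lst. The sample file and the "backup" hash are constructed.

```python
import re
import stat
# Constructed sample in the usr.lst ITEM format quoted in the advisory.
# The "backup" hash is a made-up 13-character DES-crypt string, not a real
# Arkeia hash; its first two characters are the constant salt "n3".
SAMPLE_USR_LST = """\
ITEM    {
         "NODE"  "*"
         "PASSWORD"      ""
         "ROLE"  "ADMINISTRATOR"
         "NAME"  "root"
}
ITEM    {
         "PASSWORD"      "n3AbCdEfGhIjK"
         "NAME"  "backup"
}
"""
CONSTANT_SALT = "n3"

def parse_usr_lst(text):
    """Return one dict per ITEM { ... } block, keyed by the quoted names."""
    blocks = re.findall(r'ITEM\s*\{(.*?)\}', text, re.S)
    return [dict(re.findall(r'"([^"]*)"\s+"([^"]*)"', b)) for b in blocks]

def audit_entries(entries):
    """Flag empty passwords and traditional crypt hashes with the fixed salt."""
    findings = []
    for e in entries:
        name, pw = e.get("NAME", "?"), e.get("PASSWORD", "")
        if pw == "":
            findings.append((name, "empty password"))
        elif len(pw) == 13 and pw.startswith(CONSTANT_SALT):
            findings.append((name, "constant salt " + CONSTANT_SALT))
    return findings

def audit_modes(dbase_mode, usr_lst_mode):
    """Check st_mode bits: world-writable dbase/ dir, world-readable usr.lst."""
    findings = []
    if dbase_mode & stat.S_IWOTH:
        findings.append("dbase directory is world-writable")
    if usr_lst_mode & stat.S_IROTH:
        findings.append("usr.lst is world-readable")
    return findings

if __name__ == "__main__":
    for f in audit_entries(parse_usr_lst(SAMPLE_USR_LST)):
        print("%s: %s" % f)
    # mode bits as shown by the advisory's ls output: drwxrwxrwx, -rw-r--r--
    for f in audit_modes(0o40777, 0o100644):
        print(f)
```

On a real host, pass `os.stat(path).st_mode` of the two paths from the advisory to audit_modes and the file contents to parse_usr_lst.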

5. arkeiad is started by default on all computers

$ netstat -nlp | grep 617
tcp        0      0 0.0.0.0:617             0.0.0.0:* LISTEN 5570/arkeiad

arkeiad isn't needed on a machine that only runs the client GUI


Conclusion: Nothing has changed since version 4.2. See References.
Vendor informed: April, 2004
Thanks: Quentyn Taylor
References:
http://www.securityfocus.com/archive/1/205378
http://www.arkeia.com/


