| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 14 Aug 2005 21:20:38 -0000 From: nnposter@...rs.sourceforge.net To: bugtraq@...urityfocus.com Subject: Hummingbird FTP Weak Password Encryption Hummingbird FTP Weak Password Encryption Critical: Less critical Impact: Exposure of sensitive information Where: Local system Solution Status: Unpatched Software: Hummingbird Connectivity 10.x http://connectivity.hummingbird.com/products/nc/cpia.html Description: A vulnerability has been identified in Hummingbird FTP, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to the use of a simple algorithm to "encrypt" passwords in FTP profiles (*.hfs). The problem is that a cipher text is generated by incrementing the plain text ASCII value of each password character by 125 (0x7d). This makes it trivial to gain knowledge of the password. The vulnerability has been confirmed in version 10. However, prior versions may also be affected. Solution: Set proper ACLs for FTP profiles. Found by: nnposter History: Vendor notified July 13, 2005 Vendor acknowledged receipt July 13, 2005 Public release August 14, 2005
Powered by blists - more mailing lists