lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 16 Jun 2008 16:43:49 -0000
Subject: Returnil Virtual System 2008 - Password Disclosure Issue

Returnil Virtual System 2008 - Password Disclosure Issue

-===[ Vulnerable ]============================================-
Product: Returnil Virtual System 2008
[+] Personal Edition Final
[+] Premium Edition Final
Found on: Tuesday May 6, 2008
Discovered by: fRoGGz [SecuBox Labs]

-===[ Background ]============================================-
The Returnil Virtual System is a powerful virtualization 
technology that completely mirrors your actual computer 
setup. The RVS provides an altogether different and highly 
complimentary level of defense. It's designed to protect 
your computer from all types of software, downloads, 
websites that might harbor viruses, spyware and other 
malicious programs. Returnil virtualization technology 
clones a computer's System Partition and boots the PC into 
this system rather than native Windows, allowing users to 
run your applications in a completely isolated environment.

-===[ Description ]===========================================-
Like many software, configuration access is password protected.
RVSYSTEM.DAT is an encrypted file that contains this config.
But the problem is that the password is decrypted in a static 
memory area BEFORE the user has even identified himself.

Hackers could copy the .dat file or directly grab the plaintext 
password in memory at offset 0x00B0F3A9 then modify the config 
(ex: add a backdoor or keylogger, ...). Of course on every 
future reboot, computer will start with this evil config.

Quote: A private recovery tool have been coded for RVS.

Vendor have NOT been notified, it's a minor problem.

Powered by blists - more mailing lists