lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20110215185920.12850.qmail@securityfocus.com>
Date: 15 Feb 2011 18:59:20 -0000
From: robkraus@...utionary.com
To: bugtraq@...urityfocus.com
Subject: Tembria Server Monitor Weak Cryptographic Password Storage
 Vulnerability

Tembria Server Monitor Weak Cryptographic Password Storage Vulnerability

Solutionary ID: SERT-VDN-1004 

Solutionary Disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html

CVE ID: Pending 

Product: Tembria Server Monitor 

Application Vendor: Tembria 

Vendor URL: http://www.tembria.com/products/servermonitor/index.html 
Date discovered: 1/22/2011 

Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT) 

Vendor notification date: 1/25/2011 

Vendor response date: 1/25/2011 

Vendor acknowledgment date: 1/25/2011 

Public disclosure date: 2/14/2011

Type of vulnerability: Weak Cryptography - Design Flaw

Exploit Vectors: Local

Vulnerability Description: A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory. The application implements a simple substitution cipher to obfuscate the values of plaintext usernames and passwords. Obfuscation of the usernames and passwords is achieved by encrypting them to represent numeric values that are three characters wide (i.e. e = 057). An attacker who has previously compromised the host operating system or achieved direct access to the authentication.dat file found in the "\Tembria\Server Monitor" directory can obtain the encrypted user credentials and decrypt them with little effort. Credentials using the same encryption can also be found in XML files located in the "\Tembria\Server Monitor\Exports" directory. 

Tested on: Windows XP, SP3, with Tembria Server Monitor v6.0.4 - Build 2229 default installation. 

Affected software versions: Tembria Server Monitor v6.0.4 - Build 2229 default installation

Impact: In cases where access to the previously mentioned files is obtained, an attacker can decrypt all username and password values and potentially reuse them for authentication to other systems within the network environment.

Fixed in: Tembria Server Monitor v6.0.5 - Build 2252

Remediation guidelines: The vendor has created a fix to address the discovered issues. Upgrade to Tembria Server Monitor v6.0.5 - Build 2252 or later.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ