lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 18 Feb 2013 16:13:26 +0200
From: Timo Juhani Lindfors <timo.lindfors@....fi>
To: bugtraq@...urityfocus.com
Subject: Re: Aastra IP Telephone encrypted .tuz configuration file leakage

noreply@...tra.com writes:
> Vulnerability fixed in August 2012 release of anacrypt V1.04 encryption tool.  Available on the www.aastra.com website.
>
> IP Phone Configuration File Encryption Tool - Microsoft Windows (Version 1.04, 08/2012, gz) (English, 45.78 KB) 
>
> IP Phone Configuration File Encryption Tool - Linux 32 bit (Version 1.04, 08/2012, gz) (English, 9.18 KB) IP Phone Configuration File 
>
> Encryption Tool - Linux 64 bit (Version 1.04, 08/2012, gz) (English, 9.89 KB) 

Hmm, are you perhaps referring to some other vulnerability? It seems to
me that even V1.04 still uses ECB. If an input string that consists of
only the letter "A" repeated 48 times is encrypted using password
"foo123" the ciphertext shows blocks that are a clear sign of ECB:

$ printf AAAAAAAA  > 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ anacrypt 000000000000.cfg -p foo123
Reading ./000000000000.cfg
Writing 000000000000.tuz

$ hexdump -C 000000000000.tuz
00000000  55 42 43 7f 80 f8 5c 98  0f fc af 26 9e da 16 8d  |UBC...\....&....|
00000010  00 81 57 9f 6f 75 35 30  b6 9d 8a 95 3a 43 2d bb  |..W.ou50....:C-.|
00000020  5d ed 1c 34 2b 90 3d 55  11 ed 1c 34 2b 90 3d 55  |]..4+.=U...4+.=U|
00000030  11 ed 1c 34 2b 90 3d 55  11 ed 1c 34 2b 90 3d 55  |...4+.=U...4+.=U|
00000040  11 ed 1c 34 2b 90 3d 55  11 89 b5 8a a6 c8 99 20  |...4+.=U....... |
00000050  c3 ed 1c 34 2b 90 3d 55  11                       |...4+.=U.|
00000059

$ anacrypt -h

Provides encryption of the configuration files used for the
family of Aastra IP phones, using 56bit triple-DES and site-specific keys.

Copyright (c) 2005-2012, Aastra Technologies, Ltd.
Copyright (c) 1999, Philip J. Erdelsky

anacrypt version: 1.0.4
Usage:
anacrypt {infile.cfg|-d <dir>} [-p password] [-m] [-i] [-v] [-h]
-d <dir> Specifes that all .cfg files in <dir> should be encrypted
[-p passwords] Specify password used to generate keys
-m Generate MAC.tuz files that are phone specific
-v1 Use version 1 encryption(Compatible with older phone models) 
-i Generate security.tuz file
-h Show this help screen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ