[<prev] [next>] [day] [month] [year] [list]
Message-ID: <52975D98.5020408@curesec.com>
Date: Thu, 28 Nov 2013 16:13:28 +0100
From: Curesec Research Team <crt@...esec.com>
To: full-disclosure@...ts.grok.org.uk
Subject: CVE-2013-6223: Local Password Disclosure in
Livezilla prior version 5.1.1.0
Security Advisory - Curesec Research Team
=========================================
1. Introduction
----------------
Advisory ID: Cure-2013-1008
Advisory URL: https://www.curesec.com/
Affected Product: Prior LiveZilla version 5.1.1.0
Affected Systems: Windows
Vendor Contact: support@...ezilla.net
Vulnerability Type: Local Password Disclosure
Remote Exploitable: No
Reported to Vendor: 18.10.2013
Disclosed to Public: 28.11.2013
Release mode: Coordinated release
CVE: CVE-2013-6223
Credentials: crt@...esec.com
2. Vulnerability Description
----------------------------
An 1click file that allows an admin to log into LiveZilla using a mouse
click is saved in a xml representation. This xml file includes the admin
username and password in plaintext.
Base64 is not an encryption mechanism. If an attacker is able to get
access to a 1click file he can easily open the file and discover
username and password for an administrator.
3. Proof of Concept Codes:
--------------------------
Just open the xml based onclick file.
4. Report Timeline
------------------
18.10.2013 Informed Vendor about Issue
21.10.2013 Vendor confirmed issue
21.10.2013 Informed about planned removal of the file
21.11.2013 Vendor published new version with fix
28.11.2013 Disclosed to public
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists