CVE-2000-0559
CVSS 2.1
Published: 2000-06-07 00:00:00
Last revised: 2008-09-10 15:05:02

[Original] eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.


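[CNNVD] Computer Associates eTrust Intrusion Detection System weak encryption vulnerability (CNNVD-200006-034)

        The eTrust Intrusion Detection System (formerly SessionWall-3) uses a weak encryption scheme (XOR) to store the administrator password in the registry. A local user can exploit this vulnerability to easily crack the password.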

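- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]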

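- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0559
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0559
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200006-034
(official data source) CNNVD

- Other links and resources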

http://www.securityfocus.com/bid/1341
(VENDOR_ADVISORY)  BID  1341
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net
(UNKNOWN)  BUGTRAQ  20000607 SessionWall-3 Paper + (links to) code

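- Vulnerability information

Computer Associates eTrust Intrusion Detection System weak encryption vulnerability
Low severity  Design error
2000-06-07 00:00:00 2005-10-20 00:00:00
Remote / Local
        The eTrust Intrusion Detection System (formerly SessionWall-3) uses a weak encryption scheme (XOR) to store the administrator password in the registry. A local user can exploit this vulnerability to easily crack the password.

- Advisories and patches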

        Computer Associates claims this vulnerability required administrative access to a machine to exploit. This issue has been addressed in the latest release of the product which is now at CA (Release 4, build 1.4.5).
        Computer Associates eTrust Intrusion Detection 1.4.1 .13
        

- Vulnerability information (20012)

Computer Associates eTrust Intrusion Detection 1.4.1 .13 Weak Encryption Vulnerability (EDBID:20012)
windows local
2000-06-07 Verified
0 Phate.net
N/A
source: http://www.securityfocus.com/bid/1341/info

Computer Associates eTrust Intrusion Detection System (formerly known as SessionWall-3) uses a weak encryption scheme for the password that authorizes users to view and configure the application's registry settings.

Provided that either a remote or local user has access to the registry, it is possible to decrypt the password into plaintext with the use of an exploit tool (sw3passw.exe) or through simple XORing techniques.

This password along with the key is stored in the following registry location:
HKEY_LOCAL_MACHINE\Software\ComputerAssociates\SessionWall\1.0\Security\AdminPassword

The first byte is the length of the key (n), the next n bytes are the key, and the remaining bytes are the encrypted password, except for the last byte, which is a terminating null.

20012-1.exe - Administrator password decryptor for Win 9x/NT.
20012-2.zip - Source code (use TASM). 

http://www.exploit-db.com/sploits/20012-1.exe

http://www.exploit-db.com/sploits/20012-2.zip		

- Vulnerability information

4866
CA eTrust Intrusion Detection Password Exposure
Local Access Required Cryptographic
Loss of Integrity
Exploit Public

- Vulnerability description

eTrust contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by accessing a specific registry key and decoding the encrypted passwords, which may lead to a loss of integrity.

- Timeline

2000-06-07 Unknown
2000-06-07 Unknown

- Solution

Upgrade to release 4 build 1.4.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Computer Associates eTrust Intrusion Detection System Weak Encryption Vulnerability
Design Error 1341
Yes Yes
2000-06-07 12:00:00 2009-07-11 02:56:00
Posted to Bugtraq on June 7, 2000 by Codex <codex@bogus.net>.

- Affected versions

Computer Associates eTrust Intrusion Detection 1.4.1 .13
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Computer Associates eTrust Intrusion Detection 1.4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0

- Unaffected versions

Computer Associates eTrust Intrusion Detection 1.4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0

- Discussion

Computer Associates eTrust Intrusion Detection System (formerly known as SessionWall-3) uses a weak encryption scheme for the password that authorizes users to view and configure the application's registry settings.

Provided that either a remote or local user has access to the registry, it is possible to decrypt the password into plaintext with the use of an exploit tool (sw3passw.exe) or through simple XORing techniques.

This password along with the key is stored in the following registry location:
HKEY_LOCAL_MACHINE\Software\ComputerAssociates\SessionWall\1.0\Security\AdminPassword

The first byte is the length of the key (n), the next n bytes are the key, and the remaining bytes are the encrypted password, except for the last byte, which is a terminating null.
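
The layout described here and in the entry from exploit-db above gives no confidentiality, because the key travels with the data it protects. The added example below (not code from the advisory or the vendor) builds a constructed value in that layout, shows that reading it is enough to get the password back, and sets a salted PBKDF2 verifier beside it as the hardened form. The repeating-key XOR alignment, the sample key and password, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from itertools import cycle

# Constructed sample values; not taken from any real installation.
SAMPLE_KEY = bytes([0x5A, 0x13, 0xC4])
SAMPLE_PASSWORD = b"Constructed-Pw1"


def weak_store(password: bytes, key: bytes) -> bytes:
    """Build a value in the described layout: [n][key][XORed password][0x00]."""
    # Assumption: the key repeats over the password byte for byte.
    body = bytes(p ^ k for p, k in zip(password, cycle(key)))
    return bytes([len(key)]) + key + body + b"\x00"


def weak_recover(blob: bytes) -> bytes:
    """Read access to the value is enough: the key is stored next to the data."""
    n = blob[0] if blob else 0
    if n == 0 or len(blob) < n + 2 or blob[-1] != 0:
        raise ValueError("value does not match the described layout")
    key, body = blob[1:1 + n], blob[1 + n:-1]
    return bytes(c ^ k for c, k in zip(body, cycle(key)))


def strong_store(password: bytes, iterations: int = 600_000) -> bytes:
    """Hardened form: store a salted PBKDF2 verifier instead of the password."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def strong_verify(password: bytes, record: bytes, iterations: int = 600_000) -> bool:
    """Recompute the verifier and compare in constant time."""
    salt, expected = record[:16], record[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    blob = weak_store(SAMPLE_PASSWORD, SAMPLE_KEY)
    print("weak value   :", blob.hex(), "->", weak_recover(blob))
    record = strong_store(SAMPLE_PASSWORD)
    print("strong record:", record.hex(), "verifies:", strong_verify(SAMPLE_PASSWORD, record))
```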

- Exploit

Phate.net has released the following exploits:

sw3passw.exe - Administrator password decryptor for Win 9x/NT.
sw3pwsrc.zip - Source code (use TASM).

- Solution

Computer Associates claims this vulnerability required administrative access to a machine to exploit. This issue has been addressed in the latest release of the product which is now at CA (Release 4, build 1.4.5).


Computer Associates eTrust Intrusion Detection 1.4.1 .13

- Related references
