CRYPTOCard CRYPTOAdmin 4.1 Weak Encryption Vulnerability
BID:1097
Info
CRYPTOCard CRYPTOAdmin 4.1 Weak Encryption Vulnerability
| Bugtraq ID: | 1097 |
| Class: | Design Error |
| CVE: |
CVE-2000-0275 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 10 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Discovered by Kingpin <[email protected]> and Dildog <[email protected]> and publicized in a L0pht Research Labs/@Stake advisory on April 10th. |
| Vulnerable: |
CRYPTOCard CRYPTOAdmin 4.1 |
| Not Vulnerable: | |
Discussion
CRYPTOCard CRYPTOAdmin 4.1 Weak Encryption Vulnerability
CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file which contains the username, PIN number, serial number, and key in encrypted or plaintext format. The PIN number can be retrieved due to the software's usage of a fixed 4-byte value in key generation. With access to the .pdb file and PIN number, a user is capable of duplicating the token onto another Palm device effectively gaining access to the network as the compromised user.
CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file which contains the username, PIN number, serial number, and key in encrypted or plaintext format. The PIN number can be retrieved due to the software's usage of a fixed 4-byte value in key generation. With access to the .pdb file and PIN number, a user is capable of duplicating the token onto another Palm device effectively gaining access to the network as the compromised user.
Exploit / POC
CRYPTOCard CRYPTOAdmin 4.1 Weak Encryption Vulnerability
L0pht/@Stake has released the following proof-of-concept code.
Windows 9.x - DeCRYPTO.zip
Unix - cryptc41.c
L0pht/@Stake has released the following proof-of-concept code.
Windows 9.x - DeCRYPTO.zip
Unix - cryptc41.c