Flowerfire Sawmill Weak Password Encryption Vulnerability
BID:1403
Info
| Bugtraq ID: | 1403 |
| Class: | Design Error |
| CVE: | CVE-2000-0589 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 26 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | Posted to Bugtraq June 26th, 2000 by Larry Cashdollar <[email protected]> |
| Vulnerable: | Flowerfire Sawmill 5.0.21 |
| Not Vulnerable: | |
Discussion
Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. Combined with the file disclosure vulnerability in Sawmill (BID 1402), this could allow an attacker to read the contents of Sawmill's password file, then decrypt the password and gain Sawmill administrative capabilities.
Exploit / POC
This code decrypts Sawmill passwords. Posted to Bugtraq by Larry Cashdollar <[email protected]> on June 26th, 2000.
Solution / Fix
Solution:
Flowerfire has upgraded their product free of charge to address this problem.
Flowerfire Sawmill 5.0.21
- Flowerfire: http://www.flowerfire.com/