Counterpane Password Safe Insecure Random Number Generation Vulnerability
BID:17200
Info
| Bugtraq ID: | 17200 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 16 2005 12:00AM |
| Updated: | Sep 08 2006 06:38PM |
| Credit: | ElcomSoft Co.Ltd. discovered this vulnerability. |
| Vulnerable: | Counterpane Password Safe 3.0 BETA1; Counterpane Password Safe 3.0 |
| Not Vulnerable: | Counterpane Password Safe 3.02; Counterpane Password Safe 3 BETA 2 |
Discussion
Counterpane Password Safe generates random numbers in an insecure way. This issue allows for easier brute-force decryption attacks. The application fails to properly use a cryptographically secure algorithm for generating random numbers.
This vulnerability allows attackers with access to the Password Safe database to employ a brute-force password-guessing attack against the database much more efficiently than the application's design intended. The data contained in the Password Safe database aids malicious users in further attacks.
This issue occurs only when Password Safe 3.0 is running on operating systems earlier than Microsoft Windows XP.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
The vendor released version 3.0 Beta 2 to address this issue. Please see the references section for further information.
References
References: