Cart32 Admin Password Vulnerability
BID:1915
Info
Cart32 Admin Password Vulnerability
| Bugtraq ID: | 1915 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 06 2000 12:00AM |
| Updated: | Nov 06 2000 12:00AM |
| Credit: | This vulnerability was first reported to Bugtraq on November 6, 2000 by Colin Hart <[email protected]> |
| Vulnerable: |
McMurtrey/Whitaker & Associates Cart32 3.5 Build 619 |
| Not Vulnerable: |
McMurtrey/Whitaker & Associates Cart32 3.5 a Build 710 |
Discussion
Cart32 Admin Password Vulnerability
Cart32 is a popular Shopping Cart systems for Windows developed by McMurtrey/Whitaker & Associates.
During a remote installation, Cart32 creates a default cart32.ini file which contains the administrator password. The password is only weakly encrypted and as such, an attacker could grab the password hash from the .ini file and crack it leading to an attacker gaining Administrator privileges. In addition, the .ini file may contain the current and past administrative passwords displayed in clear text in the Debug section of the .ini file.
Cart32 is a popular Shopping Cart systems for Windows developed by McMurtrey/Whitaker & Associates.
During a remote installation, Cart32 creates a default cart32.ini file which contains the administrator password. The password is only weakly encrypted and as such, an attacker could grab the password hash from the .ini file and crack it leading to an attacker gaining Administrator privileges. In addition, the .ini file may contain the current and past administrative passwords displayed in clear text in the Debug section of the .ini file.
Exploit / POC
Cart32 Admin Password Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Cart32 Admin Password Vulnerability
Solution:
The vendor has recommended that users upgrade to Cart32 ver. 3.5a Build 710 immediately. This version has stronger encryption and removes the Debug issue. McMurtrey/Whitaker & Associates also recommend following advice contained in their knowledge base article. Please see the reference section for the URL.
McMurtrey/Whitaker & Associates Cart32 3.5 Build 619
Solution:
The vendor has recommended that users upgrade to Cart32 ver. 3.5a Build 710 immediately. This version has stronger encryption and removes the Debug issue. McMurtrey/Whitaker & Associates also recommend following advice contained in their knowledge base article. Please see the reference section for the URL.
McMurtrey/Whitaker & Associates Cart32 3.5 Build 619
-
McMurtrey/Whitaker & Associates Cart32
http://www.cart32.com/update
References
Cart32 Admin Password Vulnerability
References:
References:
- Knowledge Base Article (McMurtrey/Whitaker & Associates)