NetcPlus SmartServer3 Weak Encryption Vulnerability
BID:1962
Info
NetcPlus SmartServer3 Weak Encryption Vulnerability
| Bugtraq ID: | 1962 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 18 2000 12:00AM |
| Updated: | Nov 18 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Steven Alexander <[email protected]> on Nov 18, 2000. |
| Vulnerable: |
NetcPlus SmartServer3 3.75 |
| Not Vulnerable: | |
Discussion
NetcPlus SmartServer3 Weak Encryption Vulnerability
SmartServer3 is an email server designed for small networks.
A design error exists in SmartServer3 which enables an authenticated user to view other users login information and possibly gain access to passwords. SmartServer3 by default intsalls in the C:\ProgramFiles\smartserver3/ directory and includes a configuration file called dialsrv.ini. This file is accessible by all Windows authenticated users and contains detailed user login information including the encrypted password. However SmartServer3 uses a weak encryption scheme which can easily be broken using a third party utility.
Successful exploitation yields unauthorized access to private data.
The following example of user login information found in the dialsrv.ini file is provided by Steven Alexander <[email protected]>:
[USER1]
realname=Carl Jones
id=Carl
dir=CARL
pw=~:kC@nD3~:
extml=0
alertport=
alert=
UserActive=1
MailLimit=0
MailMAxWarn=0
MailMaxSize=20
SmartServer3 is an email server designed for small networks.
A design error exists in SmartServer3 which enables an authenticated user to view other users login information and possibly gain access to passwords. SmartServer3 by default intsalls in the C:\ProgramFiles\smartserver3/ directory and includes a configuration file called dialsrv.ini. This file is accessible by all Windows authenticated users and contains detailed user login information including the encrypted password. However SmartServer3 uses a weak encryption scheme which can easily be broken using a third party utility.
Successful exploitation yields unauthorized access to private data.
The following example of user login information found in the dialsrv.ini file is provided by Steven Alexander <[email protected]>:
[USER1]
realname=Carl Jones
id=Carl
dir=CARL
pw=~:kC@nD3~:
extml=0
alertport=
alert=
UserActive=1
MailLimit=0
MailMAxWarn=0
MailMaxSize=20
Exploit / POC
NetcPlus SmartServer3 Weak Encryption Vulnerability
Steven Alexander <[email protected]> has provided the following exploit:
Steven Alexander <[email protected]> has provided the following exploit:
Solution / Fix
NetcPlus SmartServer3 Weak Encryption Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].