NetcPlus BrowseGate Weak Encryption Vulnerability
BID:1964
Info
| Bugtraq ID: | 1964 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 18 2000 12:00AM |
| Updated: | Nov 18 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Steven Alexander <[email protected]> on Nov 18, 2000. |
| Vulnerable: | NetcPlus BrowseGate 2.80.2 |
| Not Vulnerable: | |
Discussion
BrowseGate is a proxy server which supports most standard protocols.
A design error in BrowseGate enables an authenticated user to view other users' encrypted passwords. By default, BrowseGate installs in the C:\ProgramFiles\browsegate/ directory and includes a configuration file called brwgate.ini. This file is accessible by all authenticated Windows users and contains the encrypted password, which is stored in the 'scrnsze' field. Because the encryption scheme is weak, a user can decrypt the password using a third-party utility.
Successful exploitation of this vulnerability will lead to unauthorized access to private data.
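An added example (not from the advisory or from NetcPlus): a PowerShell check for the exposure described above, listing the broad Windows groups that hold read access to brwgate.ini. The function name Test-BrwgateIniAcl and the assumption that 'scrnsze' is stored as a key=value line are assumptions of this example.

```powershell
# Added example: audit who can read BrowseGate's brwgate.ini.
# Test-BrwgateIniAcl is a hypothetical helper name, not part of BrowseGate.
function Test-BrwgateIniAcl {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # full path to brwgate.ini on the host being checked
    )

    # Well-known SIDs for broad groups (locale-independent, unlike names).
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    # Assumption: the field is stored as an INI "scrnsze=<value>" line.
    # Only its presence is reported; the value itself is never printed.
    $hasField = [bool](Select-String -LiteralPath $Path -Pattern '^\s*scrnsze\s*=' -Quiet)

    $acl = Get-Acl -LiteralPath $Path
    $findings = foreach ($rule in $acl.Access) {
        # Only Allow entries that include the right to read file contents matter.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $readData) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account could not be resolved to a SID; skip it
        if ($broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path           = $Path
                Group          = $broadSids[$sid]
                Rights         = $rule.FileSystemRights
                Inherited      = $rule.IsInherited
                ScrnszePresent = $hasField
            }
        }
    }
    $findings
}
```

Any row returned means a broad group can read the file; when ScrnszePresent is also true, the weakly encrypted password is exposed to every member of that group.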
Exploit / POC
Steven Alexander <[email protected]> has provided the following exploit:
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Browsegate Product Homepage (NetcPlus)