DameWare Mini Remote Control Server Weak Random Key Generation Weakness
BID:9957
Info
DameWare Mini Remote Control Server Weak Random Key Generation Weakness
| Bugtraq ID: | 9957 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2004 12:00AM |
| Updated: | Mar 23 2004 12:00AM |
| Credit: | Discovery is credited to ax09001h <[email protected]>. |
| Vulnerable: |
Dameware Mini Remote Control Server 4.1 .0.0 |
| Not Vulnerable: | |
Discussion
DameWare Mini Remote Control Server Weak Random Key Generation Weakness
It has been reported that DameWare Mini Remote Control Server may prone to a weak random key generation weakness that could allow an attacker to determine the key and therefore ultimately expose encrypted authentication credentials. This issue exists due to a weak random bit generator is being used to generate encryption keys. These keys are used by the application to encrypt user credentials.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by this issue, however, it is possible that prior versions are vulnerable as well.
It has been reported that DameWare Mini Remote Control Server may prone to a weak random key generation weakness that could allow an attacker to determine the key and therefore ultimately expose encrypted authentication credentials. This issue exists due to a weak random bit generator is being used to generate encryption keys. These keys are used by the application to encrypt user credentials.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by this issue, however, it is possible that prior versions are vulnerable as well.
Exploit / POC
DameWare Mini Remote Control Server Weak Random Key Generation Weakness
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
DameWare Mini Remote Control Server Weak Random Key Generation Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
DameWare Mini Remote Control Server Weak Random Key Generation Weakness
References:
References:
- DameWare Mini Remote Control Server Product Page (DameWare Development)
- Dameware Passes Weak File Encryption Key in the Clear (ax09001h