DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
BID:9959
Info
DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
| Bugtraq ID: | 9959 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2004 12:00AM |
| Updated: | Mar 23 2004 12:00AM |
| Credit: | Discovery is credited to ax09001h <[email protected]>. |
| Vulnerable: |
DameWare Development Mini Remote Control Server 4.1 .0.0 DameWare Development Mini Remote Control Server 4.0 DameWare Development Mini Remote Control Server 3.73 .0.0 DameWare Development Mini Remote Control Server 3.72 .0.0 DameWare Development Mini Remote Control Server 3.71 .0.0 DameWare Development Mini Remote Control Server 3.70 .0.0 |
| Not Vulnerable: |
DameWare Development Mini Remote Control Server 4.2 .0.0 DameWare Development Mini Remote Control Server 3.74 .0.0 |
Discussion
DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
It has been reported that DameWare Mini Remote Control Server may be prone to a clear text encryption key disclosure vulnerability. The issue presents itself because the file encryption key is sent over the network in plain text format.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by this issue, however, it is possible that prior versions are vulnerable as well.
It has been reported that DameWare Mini Remote Control Server may be prone to a clear text encryption key disclosure vulnerability. The issue presents itself because the file encryption key is sent over the network in plain text format.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by this issue, however, it is possible that prior versions are vulnerable as well.
Exploit / POC
DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
Solution:
The vendor has released Mini Remote Control Server 3.74 to address this issue in 3.x versions and 4.2 to address this issue in 4.x versions. Additional information can be obtained from the vendor advisory available in web references.
DameWare Development Mini Remote Control Server 4.0
DameWare Development Mini Remote Control Server 4.1 .0.0
Solution:
The vendor has released Mini Remote Control Server 3.74 to address this issue in 3.x versions and 4.2 to address this issue in 4.x versions. Additional information can be obtained from the vendor advisory available in web references.
DameWare Development Mini Remote Control Server 4.0
-
DameWare Development Mini Remote Control Server 4.2
http://www.dameware.com/download/
DameWare Development Mini Remote Control Server 4.1 .0.0
-
DameWare Development Mini Remote Control Server 4.2
http://www.dameware.com/download/
References
DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
References:
References:
- DameWare Mini Remote Control Encryption Key issues resolved with the release of (DameWare Development)
- DameWare Mini Remote Control Server Product Page (DameWare Development)
- Dameware Passes Weak File Encryption Key in the Clear (ax09001h