[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Tembria Server Monitor Weak Cryptographic Password Storage Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Tembria Server Monitor Weak Cryptographic Password Storage Vulnerability
- From: robkraus@xxxxxxxxxxxxxxx
- Date: 15 Feb 2011 18:59:20 -0000
Tembria Server Monitor Weak Cryptographic Password Storage Vulnerability
Solutionary ID: SERT-VDN-1004
Solutionary Disclosure URL:
http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html
CVE ID: Pending
Product: Tembria Server Monitor
Application Vendor: Tembria
Vendor URL: http://www.tembria.com/products/servermonitor/index.html
Date discovered: 1/22/2011
Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)
Vendor notification date: 1/25/2011
Vendor response date: 1/25/2011
Vendor acknowledgment date: 1/25/2011
Public disclosure date: 2/14/2011
Type of vulnerability: Weak Cryptography - Design Flaw
Exploit Vectors: Local
Vulnerability Description: A vulnerability exists in the Tembria Server Monitor
application allowing an attacker to easily decrypt usernames and passwords used
to authenticate to the application. This is a second level attack that requires
access to the password files stored within the application directory. The
application implements a simple substitution cipher to obfuscate the values of
plaintext usernames and passwords. Obfuscation of the usernames and passwords
is achieved by encrypting them to represent numeric values that are three
characters wide (i.e. e = 057). An attacker who has previously compromised the
host operating system or achieved direct access to the authentication.dat file
found in the "\Tembria\Server Monitor" directory can obtain the encrypted user
credentials and decrypt them with little effort. Credentials using the same
encryption can also be found in XML files located in the "\Tembria\Server
Monitor\Exports" directory.
Tested on: Windows XP, SP3, with Tembria Server Monitor v6.0.4 - Build 2229
default installation.
Affected software versions: Tembria Server Monitor v6.0.4 - Build 2229 default
installation
Impact: In cases where access to the previously mentioned files is obtained, an
attacker can decrypt all username and password values and potentially reuse
them for authentication to other systems within the network environment.
Fixed in: Tembria Server Monitor v6.0.5 - Build 2252
Remediation guidelines: The vendor has created a fix to address the discovered
issues. Upgrade to Tembria Server Monitor v6.0.5 - Build 2252 or later.