Sambar Server Default Configuration Password Encryption Vulnerability

Vulnerability ID: 1106452 Vulnerability type: Unknown
Published: 2001-07-25 Updated: 2005-05-02
CVE ID: CVE-2001-1106
CNNVD-ID: CNNVD-200107-175
Platform: Multiple CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/21027
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-175
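|Vulnerability Details
The default configuration of Sambar Server 5 and earlier encrypts passwords with a symmetric key compiled into the binary. A remote attacker can crack the key, or modify a copy of the sambar program to call its decryption routine, and thereby recover the passwords of all users.
|Exploit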
source: http://www.securityfocus.com/bid/3095/info

Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.

Sambar Server provides insecure default protection for user passwords.

The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted.

Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21027.zip
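
The design weakness described above, set beside salted one-way hashing, as an added example that is not from the advisory or from Sambar. The key, the XOR keystream construction and every function name are constructed stand-ins and do not reproduce Sambar's actual algorithm.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a key compiled into a server binary.
# NOT Sambar's key or algorithm; it only models "one static key for all users".
EMBEDDED_KEY = b"constructed-demo-key"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def _keystream(key: bytes, n: int) -> bytes:
    """Deterministic keystream derived from the static key (toy construction)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def reversible_store(password: str) -> bytes:
    """Weak design: reversible encryption under the single embedded key."""
    data = password.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(EMBEDDED_KEY, len(data))))

def reversible_recover(stored: bytes) -> str:
    """Whoever holds the binary holds the key, so every record is invertible."""
    ks = _keystream(EMBEDDED_KEY, len(stored))
    return bytes(a ^ b for a, b in zip(stored, ks)).decode()

def hashed_store(password: str) -> tuple[bytes, bytes]:
    """Hardened design: per-user random salt plus a slow one-way KDF."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hashed_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    weak = {u: reversible_store("s3cret!") for u in ("alice", "bob")}
    print("static key, equal records:", weak["alice"] == weak["bob"])
    print("static key, recovered:", reversible_recover(weak["alice"]))
    strong = {u: hashed_store("s3cret!") for u in ("alice", "bob")}
    print("salted KDF, equal records:", strong["alice"][1] == strong["bob"][1])
    print("salted KDF, verifies:", hashed_verify("s3cret!", *strong["alice"]))
```

With the salted KDF there is no server-side secret whose disclosure unlocks every account, and identical passwords no longer produce identical stored values.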
|References

Source: BID
Name: 3095
Link: http://www.securityfocus.com/bid/3095
Source: XF
Name: sambar-insecure-passwords(6909)
Link: http://xforce.iss.net/static/6909.php
Source: BUGTRAQ
Name: 20010725 Sambar Server password decryption
Link: http://www.securityfocus.com/archive/1/199418
