GSuite Discloses Passwords to Local Users
|
|
SecurityTracker Alert ID: 1011994
|
|
SecurityTracker URL: http://securitytracker.com/id?1011994
|
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Oct 29 2004
|
Impact: Disclosure of authentication information
|
Exploit Included: Yes
Vendor Confirmed: Yes
|
Description: Lostmon reported a vulnerability in GSuite. A local user can obtain the target user's GMail password.
It is reported that a local user with access to the target user's 'documents and settings\user_name\Application Data\GSuite\' folder
can view the 'settings.xml' file, which contains the target user's password in ASCII value encoded form. The password can be readily
decoded.
|
Impact: A local user can obtain a target user's GMail password.
|
Solution: No solution was available at the time of this entry. The vendor plans to include a fix in the next release.
|
Vendor URL: www.imspire.com/gsuite/
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
Reported By: Lostmon <lostmon@gmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 26 Oct 2004 13:07:24 +0200
From: Lostmon <lostmon@gmail.com>
Subject: Gmail suit Discloses crypted password A local users and can decrypt it
|
###############################################
###### Gmail suit decrypting password##########
###############################################
os: win 2000 sp 4 ie 6.x with all fixes
vendor url: http://www.imspire.com/gsuite/index.html
impact: disclosure user information decrypt password
gmail suit is an application that offers different utilities for
contextual gmail and adds menus our explorer for as much being able to
consult as to send post office to gmail from this suit
Gmail suit, once installed, leaves in the user folder
(documents and settings\user_name\Application Data\GSuit\) a
file called 'settings.xml'. If we look inside this file we see
several data:
<configuration>
<User>
<Email>User_name_login</Email>
<Password>=EC=EF=E9=F3=EC=E1=EE=E5</Password>
</User>
</configuration>
1 name of user of the account of gmail
2 password codified
Somehow the codified password has the same length in characters as the
password in plain text entered by the user. Decoding is simple: take
each character, subtract 128 from its ASCII value
(http://www.bbsinc.com/symbol.html), look the result up in the ASCII
table, and we will have the correct character of the password.
example:
=EC = (236-128) = 108
108 = a
another
=E1 = (225-128) = 97
97 = a

=EC=EF=E9=F3=EC=E1=EE=E5 = loislane
Sincerely:
Lostmon (lostmon@gmail.com)
Thank Ipy and [D]aRk You are The best friends
Thanks to http://www.ayuda-internet.net (#Ayuda_Internet) for their support
and thx to Estrella to be my light.
--
Curiosity is what makes the mind move....
|
|
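The encoding described above (each stored byte is the password character's ASCII value plus 128) can be checked for mechanically when auditing a profile directory. The following is an added example, not code from the advisory, the reporter or the vendor; the function names are hypothetical, and the sample file is constructed from the settings.xml excerpt quoted in the source message.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed sample, copied from the settings.xml excerpt in the message.
SAMPLE_SETTINGS = """<configuration>
<User>
<Email>User_name_login</Email>
<Password>=EC=EF=E9=F3=EC=E1=EE=E5</Password>
</User>
</configuration>"""

_TOKEN = re.compile(r"=([0-9A-Fa-f]{2})")


def stored_bytes(field: str) -> bytes:
    """Turn the '=XX' notation used in the advisory into raw bytes.

    Assumption: anything not written as '=XX' is a literal Latin-1 byte.
    """
    text = _TOKEN.sub(lambda m: chr(int(m.group(1), 16)), field.strip())
    return text.encode("latin-1", errors="replace")


def decode_offset_128(raw: bytes) -> Optional[str]:
    """Reverse the +128 offset; None if any byte lacks the high bit."""
    if not raw or any(b < 0x80 for b in raw):
        return None
    return bytes(b - 0x80 for b in raw).decode("ascii")


def audit_settings(xml_text: str) -> list:
    """List every <User> whose <Password> is recoverable without a key."""
    findings = []
    for user in ET.fromstring(xml_text).iter("User"):
        plain = decode_offset_128(stored_bytes(user.findtext("Password") or ""))
        if plain is not None:
            findings.append({"email": user.findtext("Email"),
                             "length": len(plain), "recovered": plain})
    return findings


if __name__ == "__main__":
    for f in audit_settings(SAMPLE_SETTINGS):
        print(f"{f['email']}: stored password is reversible ({f['length']} chars)")
```

A finding means the file holds the credential in a form any reader of the folder can recover, so the account password should be changed and the file's permissions restricted to its owner until a fixed release is installed.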