SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   Spy Sweeper Vendors:   Webroot Software, Inc.
Webroot Spy Sweeper Enterprise Discloses Administrative Password to Local Users
SecurityTracker Alert ID:  1012226
SecurityTracker URL:  http://securitytracker.com/id/1012226
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 13 2004
Impact:   Disclosure of authentication information
Exploit Included:  Yes  

Description:   A vulnerability was reported in Webroot Spy Sweeper Enterprise. A local user can determine the administrative password.

Frank Mileto reported that the software stores the administrative password in plaintext format in the following registry key:

HKEY_LOCAL_MACHINESOFTWAREWebrootEnterpriseSpy Sweeperap
Impact:   A local user can determine the administrative password.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.webroot.com/products/spysweeper/enterprise/ (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Sat, 13 Nov 2004 07:27:19 -0600
Subject:  [Full-Disclosure] Webroot Spy Sweeper Enterprise Adminpassord open to the world



<BODY><DIV>Not sure if this list is the right place for this.......</DIV>
<DIV>Spy Sweeper Enterprise from&nbsp; webroot </DIV>
<DIV><A href="http://www.webroot.com/products/spysweeper/enterprise/">http://www.webroot.com/products/spysweeper/enterprise/</A><BR>&nbsp;leaves
 the admin password in plain site you can find it by going to&nbsp; </DIV>
<DIV>HKEY_LOCAL_MACHINESOFTWAREWebrootEnterpriseSpy Sweeperap</DIV>
<DIV>This can be done from the booted box or using chntpw from a bootdisk(knoppix std, hiren)</DIV>
<DIV>This&nbsp;seems worse then just booting from boot disk and changing password due the fact that a intruder now has the CORRECT
 admin password so staff would not know that the box had been touched.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Frank Mileto <BR>NE/FS Advocate Health Care(GSH)<BR><BR></DIV></BODY>

<p>

This e-mail, and any attachments thereto, is intended only for use by 
the addressee(s) named herein and may contain legally privileged and/or 
confidential information.  If you are not the intended recipient of 
this e-mail (or the person responsible for delivering this document to 
the intended recipient), you are hereby notified that any 
dissemination, distribution, printing or copying of this e-mail, and 
any attachments thereto, is strictly prohibited.  If you have received 
this e-mail in error, please respond to the individual sending the 
message and notify our office at 630-990-5655, and permanently delete 
the original and any copy of any e-mail and any printout thereof.
<p>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC