SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BiTBOARD Vendors:   BiTSHiFTERS
BiTBOARD Discloses Administrator's Hashed Password to Remote Users
SecurityTracker Alert ID:  1007162
SecurityTracker URL:  http://securitytracker.com/id/1007162
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 10 2003
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2
Description:   A vulnerability was reported in the BiTBOARD (bitboard2) forum software. A remote user can view the administrator's hashed password.

It is reported that a remote user can access the hashed password from the "/admin/data_passwd.dat" file.

Impact:   A remote user can obtain the administrator's hashed password and attempt to crack it.
Solution:   No solution was available at the time of this entry. The vendor reportedly plans to issue a fix in the next release.
Vendor URL:  micklesworld.com/spy98/bitshifters/index.php?get=bitboard&type=product (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Information Disclosure Vulnerability in bitboard2


 ================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<------------------------------------------------>
 ================================================

Advisory Information
--------------------
Advisory Name      : Information Disclosure Vulnerability in bitboard2
Author             : Marc Bromm <theblacksheep@fastmail.fm> Germany
Discover by        : Marc Bromm <theblacksheep@fastmail.fm> Germany
Release Date       : 9. Juli 2003
Application        : bitboard2 (textfile based board)
Vendor Homepage    : http://www.bitshifters.bl.am
Vendor Status      : notified
Vulnerable Versions: bitboard2  (maybe older)
Platforms          : OS Independent, PHP
Severity           : High

######Overview:

The bitboard2 is a board that need no database to work. So it is useful
for webmaster that have no access to a sql database.

######Exploit:

1. Get the admin passwort hash

The crypt hash of the admin password is stored in
"/admin/data_passwd.dat".
Everyone has access to it. So only get the hash and crackit with john.

The real problem is that many admins don't use secure passwort ;-)

######Vendor Response:

They told me that they are going to fix it in the next version.

Greetz to:

Erik, (O_o)oOoOoOo.
-- 
  
  theblacksheep@fastmail.fm

-- 
http://www.fastmail.fm - The professional email service

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC