SecurityTracker.com
Category:   Application (E-mail Client)  >   GSuite
Vendors:   Imspire
GSuite Discloses Passwords to Local Users
SecurityTracker Alert ID:  1011994
SecurityTracker URL:  http://securitytracker.com/id/1011994
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 29 2004
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Lostmon reported a vulnerability in GSuite. A local user can obtain the target user's GMail password.

It is reported that a local user with access to the target user's 'documents and settings\user_name\Application Data\GSuite\' folder can view the 'settings.xml' file, which contains the target user's password in ASCII value encoded form. The password can be readily decoded.

Impact:   A local user can obtain a target user's GMail password.
Solution:   No solution was available at the time of this entry. The vendor plans to include a fix in the next release.
Vendor URL:  www.imspire.com/gsuite/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Gmail suit discloses crypted password; a local user can decrypt it


###############################################
###### Gmail suit decrypting password #########
###############################################
os: win 2000 sp 4 ie 6.x with all fixes
vendor url: http://www.imspire.com/gsuite/index.html
impact: disclosure of user information, decrypt password

Gmail suit is an application that offers different contextual utilities
for Gmail and adds menus to our Explorer, so that we can both check and
send mail to Gmail from this suite.

Once installed, Gmail suit creates in the user folder
(documents and settings\user_name\Application Data\GSuit\) a file
called 'settings.xml'. If we look inside this file we see several
pieces of data:


<configuration>
  <User>
    <Email>User_name_login</Email>
    <Password>=EC=EF=E9=F3=EC=E1=EE=E5</Password>
  </User>
</configuration>

 1 user name of the Gmail account
 2 encoded password

The encoded password has the same number of characters as the
plain-text password entered by the user. Decoding it is simple: go
character by character, subtract 128 from its ASCII value
(http://www.bbsinc.com/symbol.html), look up the result in the ASCII
table, and we have the correct character of the password.

example:

=EC = (236-128) = 108
108 = a

another

=E1 = (225-128) = 97
97 = a

=EC=EF=E9=F3=EC=E1=EE=E5 = loislane

Sincerely:

Lostmon (lostmon@gmail.com)

Thanks Ipy and [D]aRk, you are the best friends
Thanks to http://www.ayuda-internet.net (#Ayuda_Internet) for their support
and thx to Estrella for being my light.

-- 
Curiosity is what makes the mind move....
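
An added example, not part of the original advisory or of Lostmon's message: a Python check that parses a settings.xml of the layout shown above, flags a password field whose bytes are all printable ASCII plus 128, and confirms the transform against the report's own sample. The function names and the Latin-1 assumption for literal characters belong to this example, not to GSuite.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout the report shows; the password value is the
# report's own example, written as the page prints it (one =XX token per byte).
SAMPLE_SETTINGS = """<configuration>
  <User>
    <Email>User_name_login</Email>
    <Password>=EC=EF=E9=F3=EC=E1=EE=E5</Password>
  </User>
</configuration>"""

def stored_bytes(text):
    """Byte values of a field given as =XX tokens or as literal characters."""
    text = text.strip()
    if re.fullmatch(r"(?:=[0-9A-Fa-f]{2})+", text):
        return bytes(int(h, 16) for h in re.findall(r"=([0-9A-Fa-f]{2})", text))
    # Assumption: literal high-bit characters are single-byte (Latin-1) text.
    return text.encode("latin-1", errors="replace")

def is_high_bit_obfuscated(raw):
    """True when every byte is a printable ASCII character with 128 added."""
    return bool(raw) and all(0x20 <= b - 128 < 0x7F for b in raw)

def recover(raw):
    """Undo the transform the report describes: subtract 128 from each byte."""
    return bytes(b - 128 for b in raw).decode("ascii")

def audit_settings(xml_text):
    """Report each stored password's length and whether it is trivially reversible."""
    findings = []
    for user in ET.fromstring(xml_text).iter("User"):
        raw = stored_bytes(user.findtext("Password", default=""))
        findings.append({
            "account": user.findtext("Email", default=""),
            "length": len(raw),
            "reversible": is_high_bit_obfuscated(raw),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_SETTINGS):
        print(finding)
```

A "reversible" finding means the stored value is a keyless, length-preserving transform, so the file's access permissions are the only protection for the account password.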
 
 

