exploit the possibilities

Owl Intranet Engine 1.01 Information Disclosure / Unsalted Hashes

Owl Intranet Engine 1.01 Information Disclosure / Unsalted Hashes
Posted Dec 16, 2011
Site redteam-pentesting.de

Owl Intranet Engine version 1.01 suffers from information disclosure and unsalted password hash vulnerabilities.

tags | advisory, vulnerability, info disclosure
MD5 | 5309bbfad4b60e3e517370e823d9ff94

Owl Intranet Engine 1.01 Information Disclosure / Unsalted Hashes

Change Mirror Download
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes

The Owl Intranet Engine uses no salting in the password hashing
procedure. Furthermore, users in the "Administrators" group are able to
see the MD5 password hashes of every user using the web interface.


Details
=======

Product: Owl Intranet Engine
Affected Versions: 1.01, possibly all older versions
Fixed Versions: none
Vulnerability Type: Information Disclosure, Unsalted Password Hashes
Security Risk: low
Vendor URL: http://owl.anytimecomm.com
Vendor Status: decided not to fix
Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2011-006
Advisory Status: published
CVE: GENERIC-MAP-NOMATCH
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=GENERIC-MAP-NOMATCH


Introduction
============

"Owl is a multi user document repository (knowledge base) system written
in PHP for publishing files/documents onto the web for a corporation,
small business, group of people, or just for yourself."

(From the vendor's homepage)


More Details
============

The administrative interface of the Owl Intranet Engine allows users in
the "Administrators" group to edit user accounts over the "Users&Groups"
tab. If a user is selected for editing, all account information is
shown. In this overview, the password field is filled with the MD5 hash
value of the old user password, as can be seen in the HTML sources.
This allows users with administrative access to the Owl Intranet Engine
to see the password hashes of every user.

Furthermore, no salting is used when the password hashes are generated,
allowing a rainbow tables attack against user passwords.


Fix
===

None.


Security Risk
=============

This vulnerability allows administrative users to collect the MD5
password hashes of every user of the affected Owl Intranet Engine system
through the administrative interface. Because no salting is employed, a
rainbow tables attack can be run against the collected password hashes
and the password values can possibly be recovered in a short time. The
risk potential is however deemed to be low, as users with administrative
access to the OWL Intranet Engine already have extensive access rights.


History
=======

2011-05-29 Vulnerability identified
2011-07-26 Customer approved disclosure to vendor
2011-10-31 Vendor notified
2011-11-30 Vendor releases new version that does not fix the issue
2011-12-15 Advisory released


RedTeam Pentesting GmbH
=======================

RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
fixed immediately.

As there are only few experts in this field, RedTeam Pentesting wants to
share its knowledge and enhance the public knowledge with research in
security related areas. The results are made available as public
security advisories.

More information about RedTeam Pentesting can be found at
http://www.redteam-pentesting.de.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close