SecureCRT Insecure Password Storage
Posted Mar 1, 2013
Authored by Raffaele Addesso

SecureCRT versions 7.0.3 and below suffer from an insecure password storage vulnerability.

tags | advisory
SHA-256 | 9f86dc90948ca930efebc7be252ebd4c728f65185ebe4a3209f6b5906a974f44

Advisory ID: EWS00001
Product: SecureCRT
Vendor: www.vandyke.com
Vulnerable Version(s): 7.0.3 and probably prior
Tested Version: 7.0.3
Vendor Notification: February 23, 2013
Vendor Patch: No patch
Public Disclosure: February 28, 2013
Vulnerability Type: Insecure password storage
Risk Level: Medium
Solution Status: Workaround by Vendor
Discovered and Provided: Intersistemi Spa EWS Early Warning Services (http://www.intersistemi.it/)

-----------------------------------------------------------------------------------------------
Successful exploitation allows a malicious party to reveal the password that
SecureCRT stores in encrypted form in the session configuration (.ini) file.

Advisory Details

To exploit the vulnerability:

1) Edit the session .ini file; for example, change the saved username to an
incorrect one.

For example:

S:"Server To Client MACs"=MD5,SHA1,SHA1-96,MD5-96
S:"Username"=root (change to roots)
D:"Disable Resize"=00000002
D:"Audio Bell"=00000001

2) Save the file and try to connect to the server. The client attempts to
establish an SSH connection; when authentication fails, it shows a popup
form pre-filled with the (incorrect) username and the saved password
obscured by asterisks.

3) A simple tool such as Asterisk Key can now be used to reveal the hidden
password.



-----------------------------------------------------------------------------------------------

Solution:

In the interim, there are ways to work around the problem
and mitigate the issue:

1) Do not save passwords. The ability to save passwords is
a feature that many of our customers find convenient,
even though it is not a best practice.

2) Disable saving passwords within SecureCRT. For
administrators who want to ensure a high level of
security, we strongly recommend disabling the save
password functionality entirely. SecureCRT provides a
GPO Administrative template to enable administrators to
control whether saving passwords is allowed. Information
about this administrative template can be found in the
SecureCRT help under the "Administrative Template"
topic. Individuals who desire more information regarding
this administrative restriction should contact our
technical support team: support@vandyke.com.
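Administrators applying the vendor's "do not save passwords" workaround usually want to know which existing session files already carry a stored credential. The following audit script is an added example, not part of the advisory or of SecureCRT: it parses the typed key format shown in step 1 (S:"name"=string, D:"name"=hex dword) and flags any string key whose name contains "password". The key name "Password" in the constructed sample is an assumption about SecureCRT's naming, not something the advisory states.

```python
import re
from typing import Dict, List, Tuple

# One SecureCRT session line:  <type>:"<name>"=<value>
# The advisory shows type S (string) and D (dword written as hex).
INI_LINE = re.compile(r'^([A-Z]):"([^"]+)"=(.*)$')

# Constructed sample modelled on the excerpt in the advisory. The
# "Password" key is an assumed name; the audit matches any key whose
# name contains "password", so it does not depend on that exact spelling.
SAMPLE_SESSION = '''S:"Server To Client MACs"=MD5,SHA1,SHA1-96,MD5-96
S:"Username"=root
S:"Password"=u0123456789abcdef
D:"Disable Resize"=00000002
D:"Audio Bell"=00000001
'''


def parse_session(text: str) -> Dict[str, Tuple[str, object]]:
    """Parse session text into {name: (type, value)}.

    D: values are hex dwords and become ints; all other types stay strings.
    Lines that do not match the typed-key shape are ignored.
    """
    entries: Dict[str, Tuple[str, object]] = {}
    for line in text.splitlines():
        m = INI_LINE.match(line.strip())
        if not m:
            continue
        kind, name, raw = m.groups()
        value = int(raw, 16) if kind == "D" else raw
        entries[name] = (kind, value)
    return entries


def find_saved_credentials(entries: Dict[str, Tuple[str, object]]) -> List[str]:
    """Names of non-empty string keys that look like stored credentials."""
    return sorted(name for name, (kind, value) in entries.items()
                  if kind == "S" and value and "password" in name.lower())


def audit_session(text: str) -> dict:
    """Summarise one session: who it logs in as and whether a password is saved."""
    entries = parse_session(text)
    return {
        "username": entries.get("Username", ("S", ""))[1],
        "saved_credentials": find_saved_credentials(entries),
    }


if __name__ == "__main__":
    print(audit_session(SAMPLE_SESSION))
```

Run it over each .ini in the SecureCRT sessions directory to list the sessions that still hold a saved password before enforcing the GPO restriction.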

-----------------------------------------------------------------------------------------------

--
Raffaele Addesso
______________________
Intersistemi EWS (Early Warning Service)
Intersistemi Italia S.p.A.
Via dei Galla e dei Sidama, 23
00199 - Rome (Italy)