Hamachi VPN Client 1.0.2.5 Password Disclosure Vulnerability 1) Infos --------- Date : 2008-03-24 Product : Hamachi VPN Client 1.0.2.5 Version : 1.0.2.5 Vendor : www.hamachi.it/ Vendor Status : 2008-03-24 - Not Informed Discovered/Provided By : Giuseppe `Evilcry` Bonfa' - http://evilcry.altervista.org E-mail : evilcry[at]NOSPAM-gmail[dot]com 2) Security Issues ------------------- --- [ Password Disclosure Vulnerability ] --- =============================================== Hamachi is a Client for Trusted VPN Tunneling. It presents a Password Disclosure Vulnerability, because User and Passwords are not correctly protected for Memory Sniffing Attacks, so a local attacker, with a basical Process Memory Dumper, could obtain the Connection Password. --- [ PoC ] --- =============== If a user has saved him/her own Password, a malicious user can launch a Process Memory Dumper and look through the dumped memory and with a simple string searching he can retrieve user /password Useful keywords: USERNAME XCHAT_WARNING_IGNORE= --- [ Patch ] --- =============== - No patch available from the vendor.