NetcPlus BrowseGate Weak Encryption Vulnerability

BrowseGate is a proxy server which supports most standard protocols.

A design error in BrowseGate enables an authenticated user to view other users' encrypted passwords. By default, BrowseGate installs in the C:\ProgramFiles\browsegate/ directory and includes a configuration file called brwgate.ini. This file is accessible by all authenticated Windows users and contains the encrypted password, which is stored in the 'scrnsze' field. However, because the encryption scheme is weak, a user can decrypt the password using a third-party utility.

Successful exploitation of this vulnerability will lead to unauthorized access to private data.
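For administrators checking a host, the following PowerShell script is an added example (not part of the advisory or of BrowseGate) that reports whether brwgate.ini carries a 'scrnsze' entry and is readable by broad Windows principals. The default path joins the directory and file name given above, and the INI-style `scrnsze=` layout and the function names are assumptions.

```powershell
# Added example (not from the advisory): report broad read access to brwgate.ini.
# Default path joins the advisory's directory and file name; adjust to the real install.
param([string]$IniPath = 'C:\ProgramFiles\browsegate\brwgate.ini')

# Well-known SIDs, so the check does not depend on localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $readData)) {
            [pscustomobject]@{
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Test-BrowseGateIniExposure {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return "Not found: $Path"
    }
    # Assumes INI-style "scrnsze=<value>"; only presence is tested, the value is never printed.
    $hasField = [bool](Select-String -LiteralPath $Path -Pattern '^\s*scrnsze\s*=' -Quiet)
    $aces = @(Get-BroadReadAce -Path $Path)
    [pscustomobject]@{
        Path          = $Path
        PasswordField = $hasField
        BroadReaders  = ($aces.Principal | Sort-Object -Unique) -join ', '
        Exposed       = $hasField -and $aces.Count -gt 0
    }
}

Test-BrowseGateIniExposure -Path $IniPath
```

The check ignores Deny entries and access granted through other groups, so a result of `Exposed = False` still warrants a manual look at the ACL.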


 

Copyright 2010, SecurityFocus