Bugtraq mailing list archives
Re: Password problem in Trumpet Winsock.
From: mikedoug () TEXAS NET (Michael Douglass)
Date: Mon, 7 Apr 1997 02:16:48 -0500
On Sun, Apr 06, 1997 at 04:39:27PM -0400, null said:
It is possible to open trumpwsk.ini, take the encrypted string for the $password= variable, and place it in the ppp-username= variable. This, allows one to start up tcpman.exe,g oto File > PPP Options and get the user's password. Impact:
Wait, one could quite simply write a decoder and decode the password from the ini file. I believe someone once told me that Trumpet uses a simple base64 routine to "encode" the password. Trust me, we have routines that will encode/decode the passwords; so the problem is not the ability to move the "encrypted" (used lightly) string into ppp-username, but that there is no real encryption involved in the password saving mechanism. The problem here is that no matter what you do, you have to be able to produce the plain-text password to authenticate with the remote host; so it cannot be encrypted using a one-way hash function (such as UNIX passwords). You could have trumpet encrypt the password with some passphrase--but why not just have it ask for your password when you want to dial in that case? (??) Basically this is not a security "hole" in Trumpet's method of "encrypting" the password because it is not encrypting it at all--it is simply "encoding" it; so that for the majority of non-techies (and even some techies) won't be able to get your password from Trumpet. There may be an important issue there--but I don't see it. But that could just come from years of knowing that the Trumpet passwords were insecure (and easily decoded) and (when using Trumpet) disabling the "password" saving from the dialin script. -- Michael Douglass Texas Networking, Inc. "The past is a foreign country; they do things differently there." L. P. Hartley, British author. The Go-Between, Prologue (1953).
Current thread:
- Password problem in Trumpet Winsock. null (Apr 06)
- Linux - buffer overflow in filter Mikhail Iakovlev (Apr 06)
- Re: Password problem in Trumpet Winsock. John Sheehy (Apr 06)
- Re: Password problem in Trumpet Winsock. Michael Douglass (Apr 07)
- Netware + Win95 issue Lauri Laupmaa (Apr 07)
- Re: Netware + Win95 issue Paul Melson (Apr 08)
- Another one javascript exploit attempt? Andrew V. Kovalev (Apr 07)
- DUMP of NT system crash Vytautas Vysniauskas (Apr 07)
- Re: Password problem in Trumpet Winsock. Paul Melson (Apr 07)
- BoS: /etc/default/login LOCKOUT= creates arbitrary files (fwd) Illuminati Primus (Apr 07)
- Re: BoS: /etc/default/login LOCKOUT= creates arbitrary files (f Eugene Bradley (Apr 08)
- FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Aleph One (Apr 07)
- CERT Advisory CA-97.09 - Vulnerability in IMAP and POP Aleph One (Apr 07)
- [linux-security] amd 920824upl102 ignores the nodev option Aleph One (Apr 08)