Bugtraq mailing list archives

Plaintext Password in Tractive's Remote Manager Software

From: tgryffyn () meetinghousetech com (Trevor Gryffyn)
Date: Fri, 19 Feb 1999 17:35:45 -0500


A pretty minor thing, but thought I'd bring it up anyway.  I hope it hasn't
already been reported.


Software:  Triactive's Remote Management Software
Web Site: http://www.triactive.com/

Software Description:

Enables IS techs to remotely control (to a large degree, but not like
pcAnywhere real-time control) a remote 95/98/NT machine.  This includes
viewing almost anything viewable as far as system configuration and settings
go, browsing the system and execute programs via a forms based DOS utility,
browsing the system and whatever it can view via Network Neighborhood (with
that machine's permissions) and rename, delete, remotely launch, edit,
download, etc files.  It even allows you to view and modify the registry of
the machine that it's running on.


Problem Description:

There are two forms of authentication that this program can use.  Either
authenticate off of an NT machine, Basic (clear text) or Challenge and
Response (for 95 you have to have USER-LEVEL ACCESS CONTROL and a Domain
configured in your Network settings for this to work) or by way of a
username and password that you set in the program (on a 95 machine, if it's
set for Share-Level Access control).

It *will* warn you that it's best to use the User-Level access control, but
if you chose not to, it stores the Username and Password that you define in
plaintext under:

HKLM\SOFTWARE\TriActive\Remote Manager\Username
and..
HKLM\SOFTWARE\TriActive\Remote Manager\Password



I havn't had the opportunity to try this product on an NT machine yet to see
if it does anything bad on that front, but there's a possibility.

On the surface this is pretty minor, but if someone could gain access to
your registry then you've just opened up a gateway to do a great deal of
damage to your machine or be used to some degree to bounce off of your
machine to do damage elsewhere especially coupled with other products out
there.



Trevor Gryffyn
Meetinghouse Technologies
tgryffyn () meetinghousetech com

Current thread:

Re: [HERT] Advisory #002 Buffer overflow in lsof, (continued)
- - - Re: [HERT] Advisory #002 Buffer overflow in lsof Vic Abell (Feb 18)
    - Tetrix 1.13.16 is Vulnerable Steven Hodges (Feb 17)
    - Re: Tetrix 1.13.16 is Vulnerable Pavel Machek (Feb 19)
    - ADMsnmp SNMP Audit scanner root (Feb 17)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Gene Spafford (Feb 18)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Theo de Raadt (Feb 18)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Gene Spafford (Feb 18)
    - IE0199.exe uninstaller David Brumley (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Weld Pond (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Valdis.Kletnieks () VT EDU (Feb 19)
    - Plaintext Password in Tractive's Remote Manager Software Trevor Gryffyn (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Peter W (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof John DiMarco (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof brian j pardy (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Greg Woods (Feb 19)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof route () RESENTMENT INFONEXUS COM (Feb 18)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Fred W. Noltie Jr. (Feb 19)
    - Call to politeness (Re: [HERT] Advisory #002 Buffer overflow in alecm (Feb 19)
    - pine 4.10 patches (similar to 4.05) GvS (Feb 20)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof M.C.Mar (Feb 20)
    - full disclosure and vendor education Antonomasia (Feb 20)

(Thread continues...)