Bugtraq mailing list archives
Re: Wemilo
From: daedalus () RIPCO COM (daedalus)
Date: Tue, 2 May 2000 16:55:33 -0500
I have since changed the wemilo password on two installations and in both cases it did NOT prevent access to the password hashes.

-Bill

At 10:37 PM 4/30/00 -0800, you wrote:

On every Cart32 installation I have looked at, cart32clientlist will accept any string or nothing at all. No password is required to view the client list and password hashes. Does hexing 'wemilo' out of the exe prevent this?

Also, I have seen one site where they edited the HTML of cart32clientlist like this:

<input type=password name="xxxxxxx">

This is useless and does not prevent anyone from creating a local copy with a full path to cart32.exe and a valid input field like this:

<input type=password name="Cart32Password">

-Cassius

To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Alert: Cart32 secret password backdoor (CISADV000427)

Greetings,

I have a client using cart32 2.6 so I went to the cart32clientlist url mentioned in the alert and sure enough it dumped the hashed password list. I high-tailed it over there and opened up the cart32.exe and was unable to find the "wemilo" password anywhere. Now this could be my fault, heck I haven't touched a hex editor in ages, but still it prompted me to go back to the clientlist url and try some random characters instead of "wemilo". Well, it happily dumped the client list again.

Just to make sure it wasn't just me I went out on the web and tried it at several sites running cart32 (2.6 and 3.0) and in all but one case it dumped the client list. The one that didn't show a list DID show the open database messages so I think maybe it just wasn't set up.

I may be missing something here but it seems to me you don't have to even know the "backdoor password" to dump the client list and hashes.

my 2 cents,
-Bill
--
/********************************************************************
Bill Borton                          Remember:
Mailto:daedalus () ripco com         Never use a big word where a
http://pages.ripco.com/~daedalus     diminutive one will suffice.
********************************************************************/