Re: [kiss from HeliSec]: fancylogin : vulnerable or not?

[Martin Macok <martin.macok () UNDERGROUND CZ>]

On Fri, Mar 09, 2001 at 11:22:33PM +0100, kiss wrote:
>                 /*
>                  * scramble password so that it can't be read out of the
>                  * core in any circumstances
>                  */
>                 int i;
>                 for (i=0;i<sizeof(password);i++)
>                   password[i]=rand()%256;
>
> the "scrambling" is weak since rand() is used without a seed, so all numbers
> that it generates are completely predectible. i dont know how to core dump
> the program at that point, anyways.

I see no weakness here even when you can coredump it. It's just
attempt to overwrite the memory where password is stored and I see no
vulnerability in fact that the new overwritten password[] is
predictable (what is the reason to use rand() here?).

password[i]='x' or memset()  should be enough.

-- 
   Martin Mačok
  underground.cz
    openbsd.cz