Vulnerability Development mailing list archives
Re: [kiss from HeliSec]: fancylogin : vulnerable or not?
From: Martin Macok <martin.macok () UNDERGROUND CZ>
Date: Sun, 18 Mar 2001 00:13:00 +0100
On Fri, Mar 09, 2001 at 11:22:33PM +0100, kiss wrote:
> /*
>  * scramble password so that it can't be read out of the
>  * core in any circumstances
>  */
> int i;
> for (i=0;i<sizeof(password);i++)
>     password[i]=rand()%256;
>
> the "scrambling" is weak since rand() is used without a seed, so all
> numbers that it generates are completely predictable. I don't know how to
> core dump the program at that point, anyways.

I see no weakness here even when you can coredump it. It's just an attempt to overwrite the memory where the password is stored, and I see no vulnerability in the fact that the new overwritten password[] is predictable (what is the reason to use rand() here?). password[i]='x' or memset() should be enough.

--
Martin Mačok
underground.cz openbsd.cz
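
The two points made in this thread, as an added example that is not part of either post or of fancylogin's source: the bytes left behind by the rand() loop depend only on the generator state and not on the password, and a constant overwrite clears the buffer just as well. PWLEN, the function names and the sample passwords are assumptions constructed for the illustration; scrub() writes through a volatile pointer so that a compiler does not drop the stores as dead writes when the buffer is never read again.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define PWLEN 32  /* assumed buffer size; the post does not give one */

/* The overwrite loop from the quoted snippet, applied to a caller's buffer. */
static void rand_scramble(unsigned char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        buf[i] = (unsigned char)(rand() % 256);
}

/* Constant overwrite through a volatile pointer, so the stores are kept
 * even when nothing reads the buffer afterwards. */
static void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Returns 1 if two different (constructed) passwords leave identical bytes
 * behind after rand_scramble() run from the same generator state, i.e. the
 * residue is predictable but carries nothing of the secret. */
int residue_independent_of_password(void)
{
    unsigned char a[PWLEN] = "constructed-password-one";
    unsigned char b[PWLEN] = "another-constructed-secret";

    srand(1);  /* C standard: a never-seeded rand() behaves like srand(1) */
    rand_scramble(a, sizeof a);
    srand(1);
    rand_scramble(b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Returns 1 if every byte of the buffer is zero after scrub(). */
int scrubbed_is_zero(void)
{
    unsigned char pw[PWLEN] = "constructed-password-one";
    size_t i;

    scrub(pw, sizeof pw);
    for (i = 0; i < sizeof pw; i++)
        if (pw[i] != 0)
            return 0;
    return 1;
}
```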