Bugtraq mailing list archives
Plaintext passwords in Chase Online Banking
From: dorqus () FREEK COM (dorqus maximus)
Date: Sun, 8 Mar 1998 02:15:57 -0500
I discovered a large security flaw in the Chase Online Banking software. (version 3.00, 11/14/97) When you install the software, you can select an offline password to run the program, so that unauthorized people cannot look at your balances, number of accounts, etc. (The software allows you to work offline, then connect via modem when you want to initiate transfers, etc.) Chase does not even encrypt the offline password, but rather leaves it in plain text. For each user that uses the software, there is a directory created with that username under the main directory (i.e. C:\Chase\USERNAME). If you have local access to a persons PC who has this software installed on their computer, you can get their offline password (which odds are is their online password is well) Here's how to do it. CD C:\WINDOWS (or wherever windows is installed on the machine) EDIT COB.INI, and look for the following section (the file is pretty small) [User List] User1=USERNAME User1DataPath=C:\Chase\USERNAME\ User1CustID=593845860683304858 LastUser=USERNAME next, CD C:\Chase\USERNAME EDIT BANKSYS.DAT and look for the User1CustID string (593845860683304858 in this case), the word right next to it is the users offline password. you can now run C:\Chase\cob.exe, and login as the user using their offline password. There's a good chance that the offline password is the same as their online password. Once you are connected, you can make see their current balance information, make transfers, even make payments. I have not yet brought this to the attention of Chase, as I figured I'd post it here first, then let them know that I have publicly disclosed this information, so it will be in their best interest to fix it. Dorqus Maximus
Current thread:
- Re: another /tmp race: `perl -e' opens temp file not safely, (continued)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 08)
- r00t Advisory [ LitterMaid Race Condition ] X (Mar 07)
- Re: another /tmp race: `perl -e' opens temp file not safely stanislav shalunov (Mar 08)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 08)
- Updated list of crypto and security courses Avi Rubin (Mar 09)
- *sigh* another RH5 /tmp problem Mark A. Spencer (Mar 09)
- Re: *sigh* another RH5 /tmp problem Erik Troan (Mar 10)
- Re: Linux libc5 'bug' in mkstemp(). Andreas Jaeger (Mar 10)
- Linux libc5 'bug' in mkstemp(). Greg Alexander (Mar 09)
- Re: Linux libc5 'bug' in mkstemp(). Casper Dik (Mar 10)
- Re: Plaintext passwords in Chase Online Banking dorqus maximus (Mar 08)