Sambar Server password decryption
From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: 07/25/01
Date: Wed, 25 Jul 2001 17:45:21 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Message-ID: <54104662486.20010725174521@SECURITY.NNOV.RU>
To: bugtraq@securityfocus.com
Subject: Sambar Server password decryption

Hello bugtraq,

Sambar Server (Web/Mail/Proxy for Windows) by default stores
passwords encrypted with Blowfish with a static built-in key.
(Documentation states passwords can't be recovered, but the
server recovers passwords for some needs.) There is not even a
need to discover this key because Sambar has a decoding
procedure inside. Attached is a simple program to launch
decoding. Copy it to Sambar's /bin and treat it as a tool
to recover forgotten passwords :)

In config.ini you can set

Use Unix crypt = true

to make Sambar use the crypt()-like non-recoverable DES format.

If someone needs a formal advisory, it can be found at
http://www.security.nnov.ru/advisories/sambarpass.asp

--
http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
- application/x-zip-compressed attachment: sadecrypt.zip
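
Added example (not part of the original post and not Sambar's own code): a check an administrator could run over a config.ini to see whether it selects the recoverable default or the crypt() format, using the "Use Unix crypt" setting named in the post. The [common] section and sample values are constructed; treating lines that start with '#' or ';' as comments, accepting only the value "true", and letting the last occurrence win are assumptions.

```python
import re

# Key name as given in the post; matching tolerates case and extra whitespace.
_KEY = re.compile(r"^\s*use\s+unix\s+crypt\s*=\s*(.*?)\s*$", re.IGNORECASE)


def password_storage_mode(config_text):
    """Return (mode, line_no) where mode is 'crypt' or 'recoverable'.

    line_no is the 1-based line of the setting that decided the result,
    or None when the key is absent and the default applies.
    """
    # Default per the post: reversible encryption with a built-in key.
    mode, where = "recoverable", None
    for no, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        # Assumption: lines starting with '#' or ';' are comments.
        if not stripped or stripped[0] in "#;":
            continue
        m = _KEY.match(line)
        if m:
            # Assumption: only the literal value "true" enables crypt();
            # the last occurrence in the file wins.
            mode = "crypt" if m.group(1).lower() == "true" else "recoverable"
            where = no
    return mode, where


# Constructed sample configs (not taken from a real Sambar install).
DEFAULT_CONFIG = """[common]
Server Name = example
"""
HARDENED_CONFIG = """[common]
Server Name = example
Use Unix crypt = true
"""
COMMENTED_OUT = """[common]
# Use Unix crypt = true
"""

if __name__ == "__main__":
    for name, text in [("default", DEFAULT_CONFIG),
                       ("hardened", HARDENED_CONFIG),
                       ("commented-out", COMMENTED_OUT)]:
        mode, line_no = password_storage_mode(text)
        print(f"{name}: {mode} (line {line_no})")
```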