[17538] in bugtraq
Cart32 admin password vulnerability
daemon@ATHENA.MIT.EDU (Colin Hart)
Tue Nov 7 13:07:03 2000
Message-Id: <003701c0482e$b28c2b80$0501020a@thebox.emea.wcomnet.com>
Date: Mon, 6 Nov 2000 20:18:15 -0000
Reply-To: Colin Hart <info@COLINHART.COM>
From: Colin Hart <info@COLINHART.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Joint advisory issued by Cart32 and Colin Hart
---------------------------------------
Date Published:
6th November 2000
---------------------------------------
Title:
Cart32 admin password vulnerability
---------------------------------------
Vulnerable Packages/Systems:
Cart32 v3.5 build 619, in the default configuration from a remote
installation. Earlier versions with other installation methods may be
affected.
---------------------------------------
Vulnerability Description:
The Cart32 installation creates a file, cart32.ini, which contains the
administrator password in hashed form.
The encryption on the password is weak and can easily be broken. At
Cart32's request the algorithm will not be disclosed in this advisory.
Also, in some circumstances, the cart32.ini may contain the current and
historical administrative passwords in plaintext in the Debug section
of the file.
---------------------------------------
Solution:
1) Upgrade to version 3.5a build 710, which contains stronger password
encryption and removes the debug issue, as soon as possible. It is
available from http://www.cart32.com/update
2) Follow Cart32's advice on how to secure your Cart32 files which is
at http://www.cart32.com/kbshow.asp?article=C050 and includes a
reference to the location of the cart32.ini file. There are other
articles in their knowledge base regarding securing your cart32
installation.
You can download a 30-day demo of Cart32 at http://www.cart32.com .
For info on previous Cart32 issues see;
http://www.cerberus-infosec.co.uk/advcart32.html
---------------------------------------
About:
Cart32 is a product of McMurtrey/Whitaker & Associates, Inc. which has
been in business since 1989 developing software solutions for clients
worldwide.
support@cart32.com
Colin Hart is a UK based, independent consultant specialising in NT
systems, their design, administration and security for small, medium
and large organisations internationally.
---------------------------------------
Thanks:
From Colin Hart to;
Bryan Whitaker for swift action and cooperation.
RFP for RFPolicy
Trey
---------------------------------------
You may copy or redistribute this advisory but only in its entirety.
(c) Colin Hart 2000
This advisory was created using RFPolicy 2.0;
http://www.wiretrip.net/rfp/policy.html
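---------------------------------------
Added example (not part of the original advisory and not Cart32 code): a Python check an administrator can run over their own cart32.ini to see whether the Debug section described above holds any data, reporting key names only and never the values. The INI layout and the key names in the sample are assumptions constructed for illustration; only the file name and the Debug section name come from the advisory.

```python
import re

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")

# Constructed sample; section layout and key names are hypothetical,
# not Cart32's real ones.
SAMPLE_INI = """\
[Main]
AdminPassword=0123456789ABCDEF
[Debug]
Entry1=constructed-old-secret
Entry2=constructed-new-secret
"""


def audit_debug_section(ini_text, section="debug"):
    """Return (line_no, key) for every populated entry in the section.

    Values are deliberately not returned, so the report can be shared
    without leaking the secrets it is flagging.
    """
    findings = []
    current = None
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue  # blank line or comment
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name").strip().lower()
            continue
        if current == section and "=" in line:
            key, value = line.split("=", 1)
            if value.strip():
                findings.append((line_no, key.strip()))
    return findings


def report(ini_text):
    """Build a redacted, human-readable summary of the audit."""
    findings = audit_debug_section(ini_text)
    if not findings:
        return "OK: no populated Debug entries"
    lines = [f"line {n}: [Debug] {k}=<redacted>" for n, k in findings]
    return "REVIEW: Debug section holds data\n" + "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_INI))
```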