first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or through a compromised user e-mail account.
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
IMPACT
======
An unauthenticated remote attacker can, by inducing the decryption of
an invalid AES or RC4 ciphertext, cause a crash or heap corruption,
or, under extraordinarily unlikely conditions, arbitrary code
execution. A successful code-execution attack against a KDC can
compromise all services relying on that KDC for authentication.
However, the most probable outcome is a crash due to a memory fault or
abort() call. An attacker with a valid account in the relevant
secret = "(constant string embedded in the binary)"
key = sha1(secret)
encrypted_password = base64(rc4(key, password))
As a stream cipher, RC4 is only secure as long as you make
sure that no two plaintexts are encrypted using the same
keystream. When using raw RC4 without some form of unique
IV construction, the keystream will be the same for every
key. In the case of LSrunasE and Supercrypt, the very same
RC4 keystream is being generated for all encrypted passwords,
with any type of key. All three checksum types make use of a key
derivation algorithm built around the block encryption operation of
the key's encryption type.
The arcfour-hmac and arcfour-hmac-exp encryption types are specified
in RFC 4757, and make use of a stream cipher instead of a block
cipher. The MIT krb5 implementation treats these encryption types as
having a cipher block size of one byte for the purposes of key
derivation. When the aforementioned checksum types perform key
derivation, they repeatedly invoke stream cipher encryption on
one-byte blocks. The result is a derived key whose contents alternate
Vendor Contact Date: 4/20/2010
Status: Vendor does not want to fix the vulnerability.
Vulnerability Details:
RSA Key Manager Client software uses an SQLite database to cache its encryption keys. The software fails to properly validate the metadata embedded in RSA Key Manager encrypted data when it performs a key lookup during decryption. An attacker can inject SQL commands into the metadata section of the encrypted data, and the Key Manager Client software will execute them. For example, an attacker can inject SQL statements that modify existing encryption keys, remove existing keys, or add new ones.
The Key Manager client uses two types of cache: a memory cache and a file cache. As long as either cache is enabled, the problem can be triggered easily.
RSA Key Manager Client 1.5.x uses the following format when it encrypts data:
Field 1 = KeyId String
Field 2 = NULL Terminator
Field 3 = Encryption IV
Field 4 = Encrypted Data
Encryption Key Cache tables:
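The following is an added example, not RSA's code: it parses the four-field ciphertext layout above, then shows a key lookup that interpolates the KeyId into SQL beside one that binds it as a parameter. The table schema (`keys(key_id, key_material)`), the 16-byte IV length and the sample key material are assumptions; the advisory gives neither the query nor the IV size.

```python
import sqlite3

# Assumed IV length: one AES block. The advisory does not state it.
IV_LEN = 16


def parse_rkm_blob(blob: bytes):
    """Split a ciphertext into (key_id, iv, encrypted_data) following the
    four fields above: KeyId string, NUL terminator, IV, encrypted data."""
    nul = blob.index(b"\x00")
    key_id = blob[:nul].decode("ascii")
    iv = blob[nul + 1:nul + 1 + IV_LEN]
    data = blob[nul + 1 + IV_LEN:]
    if len(iv) != IV_LEN:
        raise ValueError("truncated IV")
    return key_id, iv, data


def make_rkm_blob(key_id: str, iv: bytes, data: bytes) -> bytes:
    """Build a blob in the same layout (used to construct the sample inputs)."""
    return key_id.encode("ascii") + b"\x00" + iv + data


def build_cache():
    """In-memory stand-in for the client's SQLite key cache (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keys (key_id TEXT PRIMARY KEY, key_material BLOB)")
    db.execute("INSERT INTO keys VALUES (?, ?)", ("key-0001", b"\x11" * 16))
    db.commit()
    return db


def lookup_key_vulnerable(db, blob: bytes):
    """Interpolates the KeyId taken from untrusted data into the SQL text,
    so the metadata field controls the query the client runs."""
    key_id, _iv, _data = parse_rkm_blob(blob)
    sql = "SELECT key_material FROM keys WHERE key_id = '%s'" % key_id
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def lookup_key_fixed(db, blob: bytes):
    """Binds the KeyId as a parameter; the metadata can only ever be a value."""
    key_id, _iv, _data = parse_rkm_blob(blob)
    row = db.execute("SELECT key_material FROM keys WHERE key_id = ?",
                     (key_id,)).fetchone()
    return row[0] if row else None


# Constructed inputs. The malicious KeyId closes the string literal and UNIONs in
# attacker-chosen key material, so the client decrypts with a key the attacker knows.
ATTACKER_KEY = b"\xaa" * 16
MALICIOUS_KEY_ID = "x' UNION SELECT X'%s' -- " % ATTACKER_KEY.hex()
MALICIOUS_BLOB = make_rkm_blob(MALICIOUS_KEY_ID, b"\x00" * IV_LEN, b"\xde\xad")
HONEST_BLOB = make_rkm_blob("key-0001", b"\x00" * IV_LEN, b"\xde\xad")
```

Python's `sqlite3.execute` refuses stacked statements, so the example uses a UNION to substitute key material; a client built on a driver that executes multiple statements would also be exposed to the UPDATE and DELETE forms the advisory describes. The parameterized lookup returns nothing for the same blob, which is the correct outcome: an unknown KeyId is a failed lookup, not a query.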
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort
Encryption Appliance
Advisory ID: cisco-sa-20100210-ironport
Revision 1.0
+Impact
Potentially High
+Description
When logging into a Prolog database, all of the usernames and passwords
are sent to the workstation. Depending on the encryption level of the
database, cracking the passwords ranges from trivial to merely annoying.
If you attempt a login with ANY username/password combination, the
entire dataset of usernames and passwords is passed to the workstation
to parse and authenticate. Any network sniffer can catch the dataset
The premium and new line of QNAP network storage solutions allow
for full hard disk encryption. When rebooting, the user has to
unlock the hard disk by supplying the encryption passphrase via
the web GUI.
However, when the hard disk is encrypted, a secondary key is
created, added to the keyring, and stored in the flash with minor
obfuscation.
Impact:
as S/N, default SSID, and default WEP/WPA key. Chances are that if you
own a wireless router which uses a default WEP or WPA key, that key
can be predicted from publicly available information such as the
router's MAC address or SSID. In other words: it is quite likely that
the bad guys can break into your network if you are using the default
encryption key. Thanks to Kevin, our suspicion that such an issue exists
on the BT Home Hub has been confirmed (keep reading for more
details!). Our advice is: *use WPA rather than WEP and change the
default encryption key now!*
===============================ADVISORY===============================
Advisory: Data Encryption Systems - DESLock+ - Local Kernel
Code Execution/Denial of Service
Advisory ID: DSEC-2011-0002
Author: Neil Kettle, Digit Security Ltd
Affected Software: Data Encryption Systems - DESLock+
Vendor URL: http://www.deslock.com
Vendor Status: unpatched
Category: Denial of Service/Privilege Escalation
Date Reported: 2008/07/31
Description:
CVE Identifier: CVE-2010-1904
The vulnerability was that the cache could be modified to insert an arbitrary encryption key, which may lead to data unavailability (such as decryption failure of data encrypted with that modified key). There was no impact on the confidentiality of the data, as the attacker would need the cache encryption key in order to decrypt the data.
The fix addresses this vulnerability for the below platforms.
•Microsoft Windows XP SP2 or higher
•Microsoft Windows Server 2003 R2 SP1
RKM Appliance, all versions
Customer using EMC PowerPath with RSA encryption
Customer using Brocade Encryption Switches with RSA encryption
What is the impact?
An attacker can attempt to modify the cache to insert an arbitrary encryption key, which may lead to data unavailability (such as decryption failure of data encrypted with that modified key).
There is no impact on the confidentiality of the data, as the attacker would need the cache encryption key in order to decrypt the data.
As of the date of this posting, RSA is not aware of any instances where this vulnerability has been exploited, nor are there signs of published exploit code.
Formshield1. The value of the properties parameter changed each time
new text was populated in the CAPTCHA image. Changing the content of this
parameter results in no new text being generated at all. The encrypted
properties value, however, is derived from a dynamic key held in the
__VIEWSTATE variable. If the contents of the __VIEWSTATE variable can
be obtained, then we have a matching plaintext/ciphertext pair which can be
replayed every time for every new request.
Details of the Attack
To carry out this attack we need to intercept and modify HTTP(S)
Background:
For most web application logins a user fills out an HTTP form, which sets up the user with a session cookie. The cookie content is merely a session ID, which allows the server-side application to match incoming requests to a specific user and session. If the cookie gets compromised, such as using XSS, the attacker might be able to impersonate the user for the duration of the session but it typically does not allow the attacker to obtain the user's login credentials.
Vulnerability:
The web management interface of Citrix NetScaler stores the user's credentials in an encrypted form in the cookie, namely in the values ns1 and ns2. In addition the cookie contains other encrypted information in the values ns3, ns4, and ns5. Since the encryption is a simple XOR with a fixed key stream, it is possible to determine parts of the key stream by XOR'ing a known plaintext with its corresponding ciphertext. This in turn allows the attacker to recover the plaintext form of the user's credentials by applying the key stream to the cookie values ns1 and ns2. Furthermore, the cipher does not pad the plaintext in any way before encrypting it, so the length of the ciphertext equals the length of the plaintext, which leaks the length of the username and password.
There are several approaches to obtain the ciphertext for some known plaintext:
* Log into the management console with the attacker's own credentials (if the attacker is a configured user, even with minimal privileges) and analyze his own cookie.
* Make an educated guess about the username contained in ns1. (As an example, the default root user on NetScaler is "nsroot".)
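One added example, written for this page and not taken from any of the products named on it, covers three passages that share one root cause: the LSrunasE/Supercrypt password store, whose `sha1(secret)` RC4 key produces the same keystream for every password; the NetScaler cookie above, whose fixed XOR key stream is recovered the same way from a known plaintext; and the MIT krb5 arcfour passage, where key derivation re-initialises the stream cipher for every one-byte block. The embedded secret, the passwords and the `b"kerberos"` constant are stand-ins, and `derive_key_one_byte_blocks` is a simplified model of an RFC 3961-style derivation (K1 = E(key, const), K2 = E(key, K1), ... each from the initial cipher state), not the krb5 code.

```python
import hashlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA): the first n keystream bytes for this key.
    There is no IV or nonce, so one key always yields the same bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """Raw RC4 with a fresh cipher state on every call, as the tools above use it."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


# --- Keystream reuse (LSrunasE/Supercrypt password store, NetScaler cookie) ---
# Stand-in for the constant embedded in the binary; the real value is not on this page.
EMBEDDED_SECRET = b"stand-in-for-the-embedded-constant"
FIXED_KEY = hashlib.sha1(EMBEDDED_SECRET).digest()


def recover_keystream(known_plaintext: bytes, known_ciphertext: bytes) -> bytes:
    """C = P xor KS, therefore KS = P xor C for every byte where P is known.
    Nothing here depends on the cipher: it works for any fixed XOR key stream."""
    return xor_bytes(known_plaintext, known_ciphertext)


def decrypt_with_keystream(keystream: bytes, ciphertext: bytes) -> bytes:
    """Only the recovered prefix is usable: a target longer than the known
    plaintext cannot be fully decrypted this way."""
    if len(ciphertext) > len(keystream):
        raise ValueError("only the first %d keystream bytes are known" % len(keystream))
    return xor_bytes(ciphertext, keystream)


def attack_keystream_reuse(attacker_password: bytes, victim_ciphertext: bytes) -> bytes:
    """The attacker has a value he knows encrypted (his own password, his own
    cookie), strips it to get the keystream, and applies that to another user's
    ciphertext. The key itself is never needed."""
    own_ciphertext = rc4_encrypt(FIXED_KEY, attacker_password)
    ks = recover_keystream(attacker_password, own_ciphertext)
    return decrypt_with_keystream(ks, victim_ciphertext)


# --- One-byte "blocks" (MIT krb5 arcfour key derivation) ---
def derive_key_one_byte_blocks(key: bytes, constant: bytes, length: int) -> bytes:
    """Simplified model of block-chained derivation with a block size of one:
    each block is encrypted from the initial cipher state, so every call
    XORs with keystream byte 0 and the output can only flip between two values.
    n-fold and the rest of the real derivation are deliberately left out."""
    out = bytearray()
    block = constant[:1]
    while len(out) < length:
        block = rc4_encrypt(key, block)  # fresh state each time
        out += block
    return bytes(out[:length])


def distinct_byte_values(derived: bytes) -> int:
    """How many different byte values a derived key actually contains."""
    return len(set(derived))
```

The known plaintext must be at least as long as the target ciphertext; in the NetScaler case the guessable `nsroot` username bounds how much of the key stream a non-privileged attacker can recover from ns1 alone, which is why having an account of one's own is the stronger option.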
Devices running affected versions of Cisco IOS Software are
susceptible if configured with any of the following features:
* Secure Socket Layer (SSL) Virtual Private Network (VPN)
* Secure Shell (SSH)
* Internet Key Exchange (IKE) Encrypted Nonces
Note: SSL/HTTPS-related features other than WebVPN and SSL VPN are
not affected by this vulnerability.
To determine whether SSLVPN is enabled on a device, log in to the
Server proxy:
Trust-point: local_ccm
Client proxy:
Local dynamic certificate issuer: LOCAL-CA-SERVER
Local dynamic certificate key-pair: phone_common
Cipher suite: aes128-sha1 aes256-sha1
Run-time proxies:
Proxy 0xcbae1538: Class-map: sip_ssl, Inspect: sip
Active sess 1, most sess 3, byte 3456043
...
<output truncated>
Apple's Mail.app stores your S/MIME encrypted emails in clear text
Date published: 2008-10-03
Affected version: 3.5 (929.4/929.2)
3) Server sends client the HTML form, the jCryption JavaScript
code and the per-session RSA public key (e, n).
4) Client encrypts form data as follows:
checksum = checksum(plaintext);
ciphertext = RSA_encrypt(checksum || plaintext);
using modulus n, exponent e, deterministic checksum function
(modular sum of all bytes) and plain RSA in ECB mode with null
padding.
5) Client sends ciphertext to server, which does the reverse of 4
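Steps 3 to 5 above, as an added example that is not jCryption's code: textbook RSA over `checksum || plaintext` with no randomised padding is deterministic, so anyone who captures the ciphertext and holds the public key from step 3 can re-encrypt guesses and compare. The key is constructed from two publicly known Mersenne primes and offers no secrecy; the checksum is assumed to be the byte sum modulo 256 (the page does not give the modulus); only a single RSA block is handled, so the ECB splitting of longer form data is left out.

```python
# Toy key, constructed for this example from publicly known Mersenne primes.
# It stands in for the per-session key of step 3 and provides no secrecy.
P = 2 ** 127 - 1
Q = 2 ** 89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # Python 3.8+ modular inverse
MAX_MSG = 24   # checksum byte + plaintext must stay below N (27 bytes)


def checksum(plaintext: bytes) -> int:
    """Assumed form of the 'modular sum of all bytes': modulo 256, one byte."""
    return sum(plaintext) % 256


def jcryption_encrypt(plaintext: bytes, e: int = E, n: int = N) -> int:
    """Step 4: plain RSA over checksum || plaintext, no padding, no randomness."""
    if len(plaintext) > MAX_MSG:
        raise ValueError("single-block demo; message too long for this modulus")
    m = int.from_bytes(bytes([checksum(plaintext)]) + plaintext, "big")
    return pow(m, e, n)


def jcryption_decrypt(ciphertext: int, d: int = D, n: int = N) -> bytes:
    """Step 5: the reverse of step 4, then verify the checksum.
    Integer encoding drops leading zero bytes, so a zero checksum byte is lost;
    that ambiguity is a property of the scheme, not of this demo."""
    raw = pow(ciphertext, d, n).to_bytes(MAX_MSG + 1, "big").lstrip(b"\x00")
    csum, plaintext = raw[0], raw[1:]
    if csum != checksum(plaintext):
        raise ValueError("checksum mismatch")
    return plaintext


def dictionary_attack(captured: int, candidates, e: int = E, n: int = N):
    """A passive observer re-runs step 4 on each guess with the public key.
    Because the encryption is deterministic, an equal ciphertext means an
    equal plaintext; no private key and no interaction are needed."""
    for cand in candidates:
        if jcryption_encrypt(cand, e, n) == captured:
            return cand
    return None


# Constructed sample: the sniffed ciphertext of a login form and a small wordlist.
CAPTURED = jcryption_encrypt(b"pw=hunter2")
WORDLIST = [b"pw=letmein", b"pw=123456", b"pw=hunter2", b"pw=qwerty"]
```

The checksum adds nothing against this attacker: it is a deterministic function of the plaintext, so it is reproduced exactly when a guess is re-encrypted. Randomised padding (OAEP) is what makes two encryptions of the same form field differ, and TLS is what removes the need for the scheme at all.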
However, it is also possible to access the hosts connected to the kvm
switch via a network using an ordinary PC as a client. As this can
also be used via an insecure network, it is very important that this
connection is cryptographically protected against sniffing of
confidential data (e.g. keystrokes, monitor signals) and man in the
middle attacks. The affected products provide an SSL encrypted web
interface. After authenticating to the web interface the user can
download a client program (java or windows). The client program
contains temporary authentication data so that it can connect to the
kvm switch without asking the user for username/password again.
1. By default, IMail allows Internet Guest Account to have "Full Control" to the following registry key,
including its subkeys and values. As well as the default IMail directory:
HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail
C:\Program Files\Ipswitch\IMail\
2. The IMail password decryption algorithm implemented in IMailsec.dll is also reversible.
0x03 : Vendor Communication
1/21/2010 - IMail vendor contacted
1/26/2010 - Got a reply from the vendor (product development manager) for more vulnerability clarification.
Background
Rsyncrypto[1] is a file encryption tool. It has a single RSA key that
encrypts a per-file symmetric AES key. The files themselves are
encrypted with a CBC-based scheme that makes a security/performance
trade-off: a file that is slightly modified and then re-encrypted with
the same key produces only slightly modified ciphertext. This is
needed so that the file retains wire efficiency when transferred
using rsync[2].
Architecture: ARM
Designed by: Storm Semiconductor Inc (www.storlinksemi.com)
Problem:
Hard disk encryption key stored in plaintext on an unencrypted partition.
Time line:
Found: 09. March 2008
Reported: 09. March 2008
Public disclosure: 03/2008
PART I - COMPROMISING USER’S ACCOUNT
Explanation:
When a user who already has a session clicks that link (from the e-mail), the exploit code is executed automatically. The user's e-mail address is changed without his/her knowledge. At the same time, his/her current e-mail address, first and last name, and current encrypted password (from the User Information page) are logged by a remote server-side script.
The attacker reads all this information from a log file.
After that, he has a new user password sent to his own e-mail address by using the Lost Password form.
With the victim's username and password, the attacker has full permission on that account and can do whatever he wants.
Upon finishing his work, he restores the user's initial e-mail address and encrypted password.
suhosin.cookie.encrypt = On
Once activated all incoming cookies will be decrypted and all
outgoing Set-Cookie HTTP headers will be rewritten to only contain
encrypted data. When this happens the following code of Suhosin
extension will be triggered.
char *suhosin_encrypt_single_cookie(char *name, int name_len, char
*value, int value_len, char *key TSRMLS_DC)
{
---------
EXPLOIT:
---------
1.-WITHOUT ENCRYPTION:
Add cookie --> Name ~> dogarchive_user_info
--> Value ~> email=&uid=-1%20or%201=1#&seclev=