Hummingbird FTP Weak Password Encryption

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Hummingbird FTP Weak Password Encryption
From: nnposter@xxxxxxxxxxxxxxxxxxxxx
Date: 14 Aug 2005 21:20:38 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hummingbird FTP Weak Password Encryption


Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Unpatched

Software: Hummingbird Connectivity 10.x
http://connectivity.hummingbird.com/products/nc/cpia.html


Description:
A vulnerability has been identified in Hummingbird FTP, which can be exploited 
by malicious, local users to gain knowledge of sensitive information.

The vulnerability is caused due to the use of a simple algorithm to "encrypt" 
passwords in FTP profiles (*.hfs). The problem is that a cipher text is 
generated by incrementing the plain text ASCII value of each password character 
by 125 (0x7d). This makes it trivial to gain knowledge of the password.

The vulnerability has been confirmed in version 10. However, prior versions may 
also be affected.


Solution:
Set proper ACLs for FTP profiles.

Found by:
nnposter

History:
Vendor notified July 13, 2005
Vendor acknowledged receipt July 13, 2005
Public release August 14, 2005

Prev by Date: RE: Vulnerability found in CPAINT Ajax Toolkit
Next by Date: Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
Previous by thread: Re: SQL injection in Persianblog
Next by thread: Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
Index(es):
- Date
- Thread