Hello bugtraq,

Sambar Server (Web/Mail/Proxy for Windows) by default stores passwords encrypted with Blowfish using a static built-in key. (The documentation states passwords can't be recovered, but the server recovers passwords for some of its own needs.) There is not even a need to discover this key, because Sambar has the decoding procedure inside. Attached is a simple program to launch the decoding. Copy it to Sambar's /bin and treat it as a tool to recover forgotten passwords :)

In config.ini you can set Use Unix crypt = true to make Sambar use a crypt()-like non-recoverable DES format.

If someone needs a formal advisory, it can be found at http://www.security.nnov.ru/advisories/sambarpass.asp

--
http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
              |/
You know my name - look up my number (The Beatles)
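The post contrasts two password-storage designs: a reversible format whose key ships inside the product, and a crypt()-style one-way format that can only be verified. The following example, added here and not part of the original post or of Sambar, shows that contrast in working code. It uses an HMAC-SHA256 keystream as a stand-in for Blowfish (the relevant property, reversibility under a fixed key, is the same), a constructed placeholder for the built-in key, and PBKDF2-HMAC-SHA256 with a random salt as the modern equivalent of the crypt()-like format. All names, keys and sample passwords below are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a vendor's static built-in key. Anyone who has the
# binary has this value too, so it gives no protection against a reader of
# the code: "encrypted with a built-in key" is recoverable by design.
BUILT_IN_KEY = b"constructed-static-key-embedded-in-binary"

NONCE_LEN = 8
SALT_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the page's Blowfish."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def store_recoverable(password: str, key: bytes = BUILT_IN_KEY) -> bytes:
    """Reversible format: nonce || (password XOR keystream(key, nonce))."""
    nonce = secrets.token_bytes(NONCE_LEN)
    data = password.encode("utf-8")
    ks = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def recover(record: bytes, key: bytes = BUILT_IN_KEY) -> str:
    """Any holder of the key (i.e. of the binary) gets the plaintext back."""
    nonce, ct = record[:NONCE_LEN], record[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode("utf-8")


def store_one_way(password: str, iterations: int = 200_000) -> bytes:
    """One-way format: salt || iterations || PBKDF2-HMAC-SHA256 digest.

    There is deliberately no inverse of this function; the only operation
    the record supports is verification of a candidate password.
    """
    salt = secrets.token_bytes(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt + iterations.to_bytes(4, "big") + digest


def verify_one_way(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt = record[:SALT_LEN]
    iterations = int.from_bytes(record[SALT_LEN:SALT_LEN + 4], "big")
    digest = record[SALT_LEN + 4:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw = "constructed-example-password"
    rec = store_recoverable(pw)
    print("recoverable format gives back:", recover(rec))  # the plaintext
    hashed = store_one_way(pw)
    print("one-way verify (correct):", verify_one_way(pw, hashed))
    print("one-way verify (wrong):  ", verify_one_way("not-it", hashed))
```

The recoverable store needs nothing but the key that ships with the software, which is why a "forgotten password" tool is trivial to write against it; the one-way store keeps a per-record random salt and an iteration count in the record, so a leaked password file can only be attacked by guessing, never decoded.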
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 08:39:20 PDT