================================================= Advisory: Weak Password Encryption Scheme (Modified) in MS SQL Server Software: SQL Server, All Versions Severity: Low Vendor: Microsoft, http://www.microsoft.com Type of Vulnerability: Weak Password Encryption Author: K. K. Mookhey (ctoat_private) Company: Network Intelligence India Pvt. Ltd. http://www.nii.co.in Date: 2nd November 2002 Original Discovery: David Litchfield http://www.nextgenss.com Original Paper: http://www.nextgenss.com/papers/tp-SQL2000.pdf ================================================= Description: ========= MS SQL Server has two means of authenticating users. One uses Windows Authentication, and the other is the built-in SQL Authentication (which includes the 'sa' account). The passwords for the SQL Authentication are sent over the network using a very weak password encryption method. This was first mentioned in David Litchfield's paper "Threat Profiling Microsoft SQL Server". Details: ====== In his paper, Mr. Litchfield states that the password is encrypted by first converting it into UNICODE and then performing a simple XOR operation. I quote directly from there: "Network Sniffing When a user connects to an SQL Server and authenticates as an SQL login, as opposed to a Windows NT/2000 user, their login name and password are sent across the network wire in what is tantamount to clear text. The 'encryption' scheme used to hide the password is a simple bitwise XOR operation. The password is converted to a wide character format, or UNICODE, and each byte XOR'd with a constant fixed value of 0xA5. Of course, this is easy to work out because every second byte of the 'encrypted' password on the wire 0xA5 and we know that the password is in UNICODE with every second byte being a NULL and when any number is XOR'd with 0 (or NULL) the result is the same: 0x41 xor 0x00 = 0x41, 0xA5 xor 0x00 = 0xA5." However, there is a slight inaccuracy in this description which we detail below. We have determined that the actual XORing method involves an additional step. Step 1: Password is converted into UNICODE Additional Step 2: For each byte of the password, the four Most Significant Bits (MSB) are swapped with the four Least Significant Bits (LSB) Step 3. This modified byte is then XORed with 0xA5. In the case of the alternating UNICODE 0x00, swapping the 4 MSB with the 4 LSB does not make a difference. But for the rest of the bytes, it does. Vendor Response: ============= We did not contact the vendor, Microsoft as this is not exactly something new. However, we did contact Mr. Litchfield informing him about the slight modification to his original statement in his whitepaper. We did not receive any response from him. Suggested Workarounds: ================== There is nothing new to be done here, other than that which ought to be done when hardening an MS SQL Server. Do NOT use the SQL Server Authentication. This is strongly recommended by Microsoft. Note: ==== This is more of an FYI Advisory. Just to keep things a bit more accurate. Other Information: ============== This advisory is available online at http://www.nii.co.in/vuln/sqlpass.html We have used this method in our free tool 'forceSQL' which guess SQL Server Passwords using both Dictionary and Brute Force attacks. This is available for free download at http://www.nii.co.in/tools.html You may read our Vulnerability Disclosure Policy at http://www.nii.co.in/vdp.html Other advisories are at http://www.nii.co.in/research.html K. K. Mookhey CTO, Network Intelligence India Pvt. Ltd. Tel: 91-22-2001530, 2006019 Email: ctoat_private Web: www.nii.co.in
This archive was generated by hypermail 2b30 : Sat Nov 02 2002 - 12:05:49 PST