Home page logo
/

bugtraq logo Bugtraq mailing list archives

Password problem in Trumpet Winsock.
From: null () WEB PIEDMONT EDU (null)
Date: Sun, 6 Apr 1997 16:39:27 -0400


I've known of this bug for over a year and a half now, and am tired of
waiting to see if Trumpet will ever fix it.

It is possible to open trumpwsk.ini, take the encrypted string for the
$password= variable, and place it in the ppp-username= variable. This,
allows one to start up tcpman.exe,g oto File > PPP Options and get the
user's password.
Impact:

You may say 'What does this have to do with me, I use UNIX?', and the
answer is, anyone can gain access to your system, if one of your users uses
TWSK.
TWSK is the most common used TCP/IP stack for Windows 3.x and is also used
by many Windows95/NT users. This 'bug' works on all version and can lead to
serious compromising of security. All one needs is access to a user's
machine.
One can do computer work for a user (orjust drop by while they're not home
or at work), steal their ISP info, and then have access to your machine.
They can then do a variety of things. Probe for local bug to exploit,
initiating denial of service tactics (i.e. icmp flooding), get a members
account cancled, etc.

Hopefully Trumpet will change their encryption scheme, and make no variable
convertable to clear text in the application, or if needed, at least use
seperate encryption schemes for them.

-null aka Mark Baker (security consultant and part time chainsaw-tofu
artist)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]