SecurityTracker.com
Category:   Application (E-mail Client)  >   GSuite
Vendors:   Imspire
GSuite Discloses Passwords to Local Users
SecurityTracker Alert ID:  1011994
SecurityTracker URL:  http://securitytracker.com/id/1011994
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 29 2004
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   Lostmon reported a vulnerability in GSuite. A local user can obtain the target user's GMail password.

It is reported that a local user with access to the target user's 'documents and settings\user_name\Application Data\GSuite\' folder can view the 'settings.xml' file, which contains the target user's password in ASCII value encoded form. The password can be readily decoded.

Impact:   A local user can obtain a target user's GMail password.
Solution:   No solution was available at the time of this entry. The vendor plans to include a fix in the next release.
Vendor URL:  www.imspire.com/gsuite/
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 26 Oct 2004 13:07:24 +0200
Subject:  Gmail suit discloses encrypted password; a local user can decrypt it


###############################################
###### Gmail suit decrypting password #########
###############################################
os: win 2000 sp 4, ie 6.x with all fixes
vendor url: http://www.imspire.com/gsuite/index.html
impact: disclosure of user information, decrypt password

Gmail suit is an application that offers different utilities for
Gmail and adds contextual menus to our Explorer, making it possible
both to check and to send mail to Gmail from this suite.

Once installed, Gmail suit creates a file called 'settings.xml' in the
user folder (documents and settings\user_name\Application Data\GSuit\).
If we look inside this file we see several pieces of data:


<configuration>
  <User>
    <Email>User_name_login</Email>
    <Password>=EC=EF=E9=F3=EC=E1=EE=E5</Password>
  </User>
</configuration>

 1 user name of the Gmail account
 2 encoded password

Somehow the encoded password has the same number of characters as the
plain-text password entered by the user. Decoding it is as simple as
going character by character, subtracting 128 from its ASCII value
(http://www.bbsinc.com/symbol.html), and looking up the result in the
ASCII table; that gives the correct character of the password.

example:

=EC = (236-128) = 108
108 = a

another

=E1 = (225-128) = 97
97 = a

=EC=EF=E9=F3=EC=E1=EE=E5 = loislane

Sincerely:

Lostmon (lostmon@gmail.com)

Thank Ipy and [D]aRk You are The best friends
Thanks to http://www.ayuda-internet.net (#Ayuda_Internet) for their support
and thx to Estrella to be my light.

--
Curiosity is what makes the mind move....
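
An audit check for the stored-password format described in the message above, as an added example that is not part of the original advisory or message. The names audit_settings and stored_bytes and the finding labels are assumptions made for illustration; the sample file is constructed from the snippet on this page, and reading the value either in the '=XX' form or as raw high-bit characters is also an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the settings.xml layout and value quoted in the message.
SAMPLE_SETTINGS = """<configuration>
  <User>
    <Email>User_name_login</Email>
    <Password>=EC=EF=E9=F3=EC=E1=EE=E5</Password>
  </User>
</configuration>"""

HEX_FORM = re.compile(r"(?:=[0-9A-Fa-f]{2})+")


def stored_bytes(text):
    """Return the stored value as bytes ('=XX' form or raw Latin-1 chars)."""
    text = text.strip()
    if HEX_FORM.fullmatch(text):
        return bytes.fromhex(text.replace("=", ""))
    return text.encode("latin-1")  # UnicodeEncodeError if not byte-sized


def audit_settings(xml_text):
    """Classify the <Password> field of a settings.xml shaped like the sample."""
    node = ET.fromstring(xml_text).find("./User/Password")
    if node is None or not (node.text or "").strip():
        return {"finding": "no-password-stored"}
    try:
        raw = stored_bytes(node.text)
    except UnicodeEncodeError:
        return {"finding": "unknown-encoding"}
    # Scheme described on the page: each stored byte is a printable ASCII
    # character plus 128, so subtracting 128 must land in 0x20..0x7E.
    shifted = [b - 128 for b in raw]
    if all(0x20 <= c <= 0x7E for c in shifted):
        return {
            "finding": "reversible-offset-128",
            "length": len(raw),  # the real password length is exposed as well
            "recovered": bytes(shifted).decode("ascii"),
        }
    return {"finding": "not-offset-128", "length": len(raw)}


if __name__ == "__main__":
    print(audit_settings(SAMPLE_SETTINGS))
```

A "reversible-offset-128" finding means the file holds the credential in a keyless, fixed transformation, so anyone who can read the folder has the password; the account password should be treated as exposed and the folder's access rights reviewed.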
 
 



Copyright 2012, SecurityGlobal.net LLC