Research

  1. Trusted Managed Security Provider | Solutionary
  2. Research
  3. Vulnerability Disclosures
  4. NetSaro Enterprise Messenger Server

NetSaro Enterprise Messenger Server

Title: NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability
Solutionary ID: SERT-VDN-1010
CVE ID: CVE-2011-3692
Product: NetSaro Enterprise Messenger Server
Application Vendor: SEM Software
Vendor URL: http://www.netsaro.com
Date discovered: 6/30/2011
Discovered by: Jose Hernandez, Rob Kraus and the Solutionary Engineering Research Team (SERT)
Vendor notification date: 7/01/2011
Vendor response date: No Response
Vendor acknowledgment date: No Response

Public disclosure date: 8/15/2011

Type of vulnerability: Weak Cryptography - Design Flaw

Exploit Vectors: Local

Vulnerability Description: A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decrypt passwords used to authenticate to the application. The application implements Base64 encoding to obfuscate the values of plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decrypt them using readily available Base64 decoding tools. More information about this class of vulnerability can be obtained by visiting: Use of a Broken or Risky Cryptographic Algorithm – CWE 327

Tested on: Windows XP, SP3, with NetSaro Enterprise Messenger Server v2.0 default installation.

Affected software versions: NetSaro Enterprise Messenger Server v2.0 (previous versions may also be vulnerable)

Impact: In cases where access to the configuration.xml file is obtained an attacker can decrypt all username and password values and reuse them against other systems within the network.

Fixed in: None Available

Remediation guidelines: Limit access to this hosts running the software and apply security patches as they become available.
Newsletter Sign-up Contact Sales Request Demo

Risk Level: 4.6

(CVSS version 2)

 

Low Risk

www.solutionary.com - 866-333-2133