NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability

[robkraus () soutionary com]

NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability

CVSS Risk Rating: 4.6 (Medium)

Product: NetSaro Enterprise Messenger Server

Application Vendor: SEM Software

Vendor URL: http://www.netsaro.com/

Public disclosure date: 8/15/2011

Discovered by: Rob Kraus, Jose Hernandez, and Solutionary Engineering Research Team (SERT)

Solutionary ID: SERT-VDN-1011

Solutionary public disclosure URL: 
http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vuln-Password.html

Vulnerability Description: A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an 
attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users 
running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to 
the password files stored within the application root directory. An attacker who has previously compromised the host 
operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" 
directory can obtain the user credentials using readily available tools. More information about this class of 
vulnerability can be obtained by visiting http://cwe.mitre.org/top25/index.html#CWE-311: Missing Encryption of 
Sensitive Data– CWE 311

Affected software versions: NetSaro Enterprise Messenger Server v2.0 (previous versions may also be vulnerable)

Impact: In cases where access to the NetSaro.fdb file is achieved an attacker can obtain username and password values 
and reuse them against other systems within the network or cause disruption of services.

Fixed in: None Available

Remediation guidelines: Limit access to this hosts running the software and apply security patches as they become 
available.