Penetration Testing mailing list archives

RE: WinPac 2.0

From: Magnus Ullberg <UllbergM () abcbank com>
Date: Fri, 11 Jan 2002 15:59:37 -0600

Thanks, good info.

What I was wondering is whether i could order a card with the same number as
another card and get access to what that card has access to.
Or if there is aditional info stored on the card (location, unique company
code, etc.) to prevent that.
The cards here were bought in two different batches, one is in the 26000
range and the other in a much lower range. I dont know if you can specify
the range when you order them, but if you can i thought that if i could get
the number of the back of a admin card i could gain  access to the building.


-----Original Message-----
From: Mike Shaw [mailto:mshaw () wwisp com]
Sent: Friday, January 11, 2002 2:57 PM
To: Magnus Ullberg; 'pen-test () securityfocus com'
Subject: Re: WinPac 2.0


Interesting that you should mention this, because I just worked with 
someone who put a system like this in.

 From what I could tell, the 5 digit number on the card is the only 
identifier, although I think it's pretty difficult to replicate these 
cards.  I've wondered about collisions, but I guess until you got upwards 
of 5-10 thousand employees, the chances of a collision/birthday effect are 
low.  It would be interesting to see if you could request a certain number 
from a distributor.

Some further interesting info form the northern site 
(http://www.nciaccessworld.com):
"The default login and password are: Log In = Admin Password = (leave 
blank) no password If the default login and password are no longer in the 
software please contact Northern Computers technical support so a 
technician can instruct you how to send the database to Northern Computers 
so we can reset it to default for you. "
      and....
"The defualt passwords for WIN-PAK are: login = SYSTEM password = startup 
These passwords are case sensitive. "

There are also manuals there if you need them.  The product is based of an 
access database, so I can't imagine that snagging the password would be 
that difficult if it's not a default password.  If the workstation is 
accessible from the network, or it's physically insecure, there may be some 
leverage there too.

-Mike

At 11:22 AM 1/11/2002 -0600, Magnus Ullberg wrote:

Anybody have information about Win-Pac 2.0?
It is the system used to control doors and manage proximity cards.
Each card has a 5 digit number on it. Anybody know if that number is the
only thing that identifies the card or if there
is some additional info on the card.

Thanks,
Magnus Ullberg
Network Coordinator


---------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

WinPac 2.0 Magnus Ullberg (Jan 11)
- Re: WinPac 2.0 Mike Shaw (Jan 11)
- Re: WinPac 2.0 Chuck Fitzpatrick (Jan 11)
- <Possible follow-ups>
- RE: WinPac 2.0 Magnus Ullberg (Jan 11)
  - RE: WinPac 2.0 Mike Shaw (Jan 12)