[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] CVE-2013-6223: Local Password Disclosure in Livezilla prior version 5.1.1.0
From:       Curesec Research Team <crt () curesec ! com>
Date:       2013-11-28 15:13:28
Message-ID: 52975D98.5020408 () curesec ! com
[Download RAW message or body]

Security Advisory - Curesec Research Team
=========================================

1. Introduction
----------------

Advisory ID: Cure-2013-1008
Advisory URL: https://www.curesec.com/
Affected Product: Prior LiveZilla version 5.1.1.0
Affected Systems: Windows
Vendor Contact: support@livezilla.net
Vulnerability Type: Local Password Disclosure
Remote Exploitable: No
Reported to Vendor: 18.10.2013
Disclosed to Public: 28.11.2013
Release mode: Coordinated release
CVE: CVE-2013-6223
Credentials: crt@curesec.com

2. Vulnerability Description
----------------------------

An 1click file that allows an admin to log into LiveZilla using a mouse
click is saved in a xml representation. This xml file includes the admin
username and password in plaintext.
Base64 is not an encryption mechanism. If an attacker is able to get
access to a 1click file he can easily open the file and discover
username and password for an administrator.

3. Proof of Concept Codes:
--------------------------

Just open the xml based onclick file.

4. Report Timeline
------------------
18.10.2013 Informed Vendor about Issue
21.10.2013 Vendor confirmed issue
21.10.2013 Informed about planned removal of the file
21.11.2013 Vendor published new version with fix
28.11.2013 Disclosed to public

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]