header-logo
Suggest Exploit
vendor:
Screen to Screen
by:
mSec
7.5
CVSS
HIGH
Weak Encryption
327
CWE
Product Name: Screen to Screen
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: MacOS
2002

Screen to Screen Password Decryption

Screen to Screen is a remote control utility for systems running MacOS. To use it, an administrator password is stored in encrypted form in a file called 'Authorization' located in the System Folder under Preferences:Power On Preferences:Screen To Screen. There are two problems: 1: The file can be deleted, and then the next time Screen to Screen is started it will reset the username to 'administrator' and the password to 'admin'. 2: The encryption scheme is weak and can be broken. This program, written by mSec, will decrypt the administrator password for Screen to Screen.

Mitigation:

Ensure that the encryption scheme used for storing passwords is strong and secure.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/551/info

Screen to Screen is a remote control utility for systems runnig MacOS. To use it, you need to have an administrator password. This password is stored in encrypted form in a file called "Authorization" located in the System Folder under Preferences:Power On Preferences:Screen To Screen.

There are two problems:
1: The file can be deleted, and then the next time Screen to Screen is started it will reset the username to 'administrator' and the password to 'admin'.
2: The encryption scheme is weak and can be broken. 

This program, written by mSec, will decrypt the administrator password for Screen to Screen. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19437.sit

Navigation

Suggest Exploit

Services By CQR