Baramundi Management Suite transmits data and stores keys and credentials insecurely

2013-10-01T00:00:00
ID VU:392654
Type cert
Reporter CERT
Modified 2015-07-24T00:00:00

Description

Overview

Baramundi Management Suite versions 7.5 to 8.9 contains multiple vulnerabilities related to clear-text credential storage and transmission.

Description

CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593

Baramundi Mangement Suite versions 7.5 to 8.9 transfers data in cleartext between the server and clients, and stores data in cleartext.

CWE-312: Cleartext Storage of Sensitive Information - CVE-2013-3624
When Baramundi Management Suite versions 7.5 to 8.9 is used for OS deployment, it stores the credentials in an unencrypted form on the deployed systems.

CWE-321: Use of Hard-coded Cryptographic Key - CVE-2013-3625
Baramundi Management Suite versions 7.5 to 8.9 utilizes a hard-coded encryption key stored in a dll file.

The CVSS score below applies to CVE-2013-3593.

07/15/2015 Vendor Comment:
With Baramundi Management Suite version 2015 R1 further improvements have been made to close existing problems noted in VU#392654. Therefore, we recommend updating to the latest release version 2015 R1.

Addressing issues noted in "CWE-319: Cleartext Transmission of Sensitive Information", sensitive information stored on disc has been removed or, if that was not possible, the files have been encrypted with industrial standard encryption methods. In addition, access to sensitive data on disc has been further limited to authorized user accounts.

In order to resolve problems noted in "CWE-321: Use of Hard-coded Cryptographic Key", the communication has been altered to industrial standard (SSL/TLS with mutual authentication using client-server certificates) and the offline storage on disc has encrypted as stated in the paragraph above. Due to this change, data (still) encrypted with the hard-coded key can no longer be accessed.


Impact

Since the software is used as an operating system deployment solution, it must have administrative rights to operate. As such, there are several impacts:

Privilege Escalation

  • Administrative privileges can be obtained on any local machine that was installed via Baramundi Management Suite.
  • Administrative privileges in Microsoft Active Directory can potentially be obtained.

Credential Theft

  • Credentials may be obtained by sniffing the traffic on the network.

Solution

Apply an Update