MegaBook Weak Password Encryption

2003-06-29T00:00:00
ID OSVDB:3202
Type osvdb
Reporter OSVDB
Modified 2003-06-29T00:00:00

Description

Vulnerability Description

MegaBook contains a flaw related to password storage. The issue is due to a weak encryption scheme used to protect password. The first two characters of the encrypted password hash are the same as the unencrypted password. This makes it significantly easier to brute force crack the password.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

MegaBook contains a flaw related to password storage. The issue is due to a weak encryption scheme used to protect password. The first two characters of the encrypted password hash are the same as the unencrypted password. This makes it significantly easier to brute force crack the password.

References:

Related OSVDB ID: 3201 Related OSVDB ID: 3203 Related OSVDB ID: 3204 Related OSVDB ID: 3260 Other Advisory URL: http://exploitlabs.com/files/advisories/EXPL-A-2003-011-megabook-2.0.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0236.html ISS X-Force ID: 12473