HP Web Jetadmin Weak Encryption

2004-04-27T09:42:00
ID OSVDB:5793
Type osvdb
Reporter FX(fx@phenoelit.de)
Modified 2004-04-27T09:42:00

Description

Vulnerability Description

HP Jetadmin contains a flaw that may allow a malicious user to obtain password information. The issue is triggered when the weak encryption is exploited. The flaw may allow decryption of passwords, resulting in a loss of confidentiality.

Technical Description

HP Web Jetadmin uses its own encryption scheme to transmit passwords, and that scheme is easily broken. An encrypted username or password is transmitted and stored as an ASCII representation of hexadecimal numbers in a three-element string. The string contains, in sequential order, the initialization vector (IV) for the algorithm, the length of the encrypted data (always double the length of the cleartext), and the encrypted data itself. By initialising a random number generator with the IV taken from the string and XORing the encrypted data with the upper 8 bits of the random numbers it then produces, the cleartext can be derived as a series of two-byte characters. Because the IV travels with the message, the string itself contains everything needed to regenerate the keystream, and the length field alone discloses the length of the cleartext.
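As an added model of the scheme described above (not code from the advisory or from HP): the PRNG, the hex field widths and the 16-bit generator output are assumptions, since the advisory names none of them. It shows the two defender-relevant properties: the length field reveals the password length without any decryption, and because the keystream is seeded only from the transmitted IV, the string alone suffices to rebuild it, so the encoding gives no confidentiality to anyone who can read it in transit or on disk.

```python
import random
from typing import Tuple

IV_HEX, LEN_HEX = 8, 4   # assumed field widths; the advisory gives none


def keystream(iv: int, n: int) -> bytes:
    """Keystream derived only from the transmitted IV.
    ASSUMPTION: Mersenne Twister stands in for the product's unnamed PRNG."""
    rng = random.Random(iv)
    # upper 8 bits of each 16-bit output, as the advisory describes
    return bytes(rng.getrandbits(16) >> 8 for _ in range(n))


def encode(cleartext: str, iv: int) -> str:
    """Produce the three-element hex string: IV | length | ciphertext."""
    data = cleartext.encode("utf-16-le")        # two bytes per character
    ct = bytes(p ^ k for p, k in zip(data, keystream(iv, len(data))))
    return f"{iv:0{IV_HEX}x}{len(ct):0{LEN_HEX}x}{ct.hex()}"


def parse(message: str) -> Tuple[int, int, bytes]:
    """Split a string into (iv, length, ciphertext); reject malformed ones."""
    iv = int(message[:IV_HEX], 16)
    length = int(message[IV_HEX:IV_HEX + LEN_HEX], 16)
    data = bytes.fromhex(message[IV_HEX + LEN_HEX:])
    if len(data) != length or length % 2:
        raise ValueError("length field does not match ciphertext")
    return iv, length, data


def cleartext_length(message: str) -> int:
    """The length field alone reveals the password length (half of it)."""
    return parse(message)[1] // 2


def recover_without_key(message: str) -> str:
    """Everything needed to rebuild the keystream is inside the message."""
    iv, length, data = parse(message)
    pt = bytes(c ^ k for c, k in zip(data, keystream(iv, length)))
    return pt.decode("utf-16-le")
```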

Solution Description

Upgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

HP Jetadmin contains a flaw that may allow a malicious user to obtain password information. The issue is triggered when the weak encryption is exploited. The flaw may allow decryption of passwords, resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 11536
Related OSVDB ID: 5798
Related OSVDB ID: 5792
Related OSVDB ID: 5794
Related OSVDB ID: 5796
Related OSVDB ID: 5790
Related OSVDB ID: 5791
Related OSVDB ID: 5795
Related OSVDB ID: 5797
Other Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt
CERT VU: 606673
Bugtraq ID: 10224