Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Sparx Systems Enterprise Architect 9.3.931 Corporate Password Disclosure

🗓️ 13 Feb 2013 00:00:00Reported by Holm DieningType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

Sparx Systems Enterprise Architect 9.3.931 Corporate Password Disclosure. Obfuscated user passwords in t_secuser table expose vulnerability.

Code
`Subject  
=======  
Simple password obfuscation in Sparx Systems "Enterprise Architect" when using server based repositories  
  
Affected product  
================  
Product: Enterprise Architect  
Vendor: Sparx Systems  
  
Affected versions  
=================  
Tested with 9.3.931 Corporate, other versions likely to be affected too.  
  
Description  
===========  
When using server based repositories in Enterprise Architect the user account information is stored in the database table t_secuser. The column "Password" contains the user password in an obfuscated format. The content is simply the user password XOR'ed with the ASCII code of 'E17030402158' instead of using a generally accepted hash function. Hence everyone with access to the database (which is in general every user with access to the repository) is able to decode the passwords of all other users.  
  
Impact  
======  
Disclosure of user passwords.  
  
Possible mitigating factors  
===========================  
Beginning with version 7.1 Enterprise Architect offers a feature where project owners can provide users with a shortcut to the project that contains the database connection string in an encrypted format. This should avoid the need to reveal database access credentials to end users.   
  
Conclusion  
==========  
Everyone with access to the database containing the repository is able to decode the passwords of all users. Irrespective of the fact that ordinary end users may be detained from gaining access to the database using the "Encrypt Connection String" feature, at least SQL admins may still read the t_secuser table and are therefore able decode the passwords.  
  
Chronology  
==========  
Vendor informed: 2012/01/28  
Vendor reminded: 2012/02/06  
Vender response: 2012/02/07  
  
Summary of vendor response:   
- "We are aware of these limitations"  
- "No fixes are scheduled at this time."  
  
Released to public: 2012/02/12  
  
Reported by  
===========  
Holm Diening  
Dept. Privacy and Information Security  
  
E-Mail: [email protected]  
www.gematik.de  
  
gematik  
Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH Friedrichstraße 136  
10117 Berlin  
Amtsgericht Berlin-Charlottenburg HRB 96351 B  
Geschäftsführer: Prof. Dr. Arno Elmer  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Feb 2013 00:00Current
sparx systems enterprise architectpassword disclosureserver based repositoriesobfuscated formatuser passwordsdatabase securityvulnerabilityvendor responseencryption featureinformation securitygematikholm diening
42