Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

triactive.passwd.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 26 Views

Triactive's Remote Manager stores passwords in plaintext, posing a security risk to users.

Show more
Code
`Date: Fri, 19 Feb 1999 17:35:45 -0500  
From: Trevor Gryffyn <[email protected]>  
To: [email protected]  
Subject: Plaintext Password in Tractive's Remote Manager Software  
  
A pretty minor thing, but thought I'd bring it up anyway. I hope it hasn't  
already been reported.  
  
  
Software: Triactive's Remote Management Software  
Web Site: http://www.triactive.com/  
  
Software Description:  
  
Enables IS techs to remotely control (to a large degree, but not like  
pcAnywhere real-time control) a remote 95/98/NT machine. This includes  
viewing almost anything viewable as far as system configuration and settings  
go, browsing the system and execute programs via a forms based DOS utility,  
browsing the system and whatever it can view via Network Neighborhood (with  
that machine's permissions) and rename, delete, remotely launch, edit,  
download, etc files. It even allows you to view and modify the registry of  
the machine that it's running on.  
  
  
Problem Description:  
  
There are two forms of authentication that this program can use. Either  
authenticate off of an NT machine, Basic (clear text) or Challenge and  
Response (for 95 you have to have USER-LEVEL ACCESS CONTROL and a Domain  
configured in your Network settings for this to work) or by way of a  
username and password that you set in the program (on a 95 machine, if it's  
set for Share-Level Access control).  
  
It *will* warn you that it's best to use the User-Level access control, but  
if you chose not to, it stores the Username and Password that you define in  
plaintext under:  
  
HKLM\SOFTWARE\TriActive\Remote Manager\Username  
and..  
HKLM\SOFTWARE\TriActive\Remote Manager\Password  
  
  
  
I havn't had the opportunity to try this product on an NT machine yet to see  
if it does anything bad on that front, but there's a possibility.  
  
On the surface this is pretty minor, but if someone could gain access to  
your registry then you've just opened up a gateway to do a great deal of  
damage to your machine or be used to some degree to bounce off of your  
machine to do damage elsewhere especially coupled with other products out  
there.  
  
  
  
Trevor Gryffyn  
Meetinghouse Technologies  
[email protected]  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
triactive softwareremote managementplaintext passwordregistry accesssecurity risk.
26
.json
Report