14 matches found
EUVD-2008-0590
Malware in sbrugna...
Design/Logic Flaw
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering...
CVE-2008-0581
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch...
CVE-2008-0580
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering...
Default credentials
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...
CVE-2007-6340
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...
Default credentials
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch...
CVE-2008-0581
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch...
CVE-2007-6340
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...
CVE-2008-0580
CVE-2008-0580 concerns Geert Moernaut’s LSrunasE and Supercrypt components that use an encryption key derived from an SHA1 hash of a fixed string embedded in the executable. The fixed-key approach means local users can obtain the key without reverse engineering, undermining confidentiality of the...
CVE-2008-0581
CVE-2008-0581 involves Geert Moernaut LSrunasE and describes a local privilege escalation where a user can obtain the encrypted password from a batch file and then create a modified batch file that uses the /password switch to supply that password and the /command switch to run an arbitrary progr...
CVE-2007-6340
The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...
LSrunasE and Supercrypt cryptogoraphic vulnerabilities
Cryptography is implemented in insecure way...
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: LSrunasE, Supercrypt Vendor: Geert Moernaut Type: Flawed Encryption Risk: Medium Author: Daniel Roethlisberger Date: 2008-01-29 CVE Name: CVE-2007-6340 Introduction ------------ LSrunasE 1 and Supercrypt 2 are utilities used to run commands...