ID SECURITYVULNS:DOC:3881 Type securityvulns Reporter Securityvulns Modified 2002-12-16T00:00:00
Description
===================================================
Advisory: Password Disclosure in Cryptainer
Vendor: SecureSoft http://www.cypherix.com
Download Location: http://www.cypherix.com/downloads.htm
Versions affected: Cryptainer PE and Cryptainer 2.0
Date: 16th December 2002
Type of Vulnerability: Information Disclosure in Memory of Process
Severity: Medium
Discovered by: K. K. Mookhey (cto@nii.co.in)
Network Intelligence India Pvt. Ltd. (http://www.nii.co.in)
Online location: http://www.nii.co.in/vuln/crypt.html
===================================================
Background:
From the vendor website: "Cryptainer PE's ease of use together with its powerful 448
bit strong encryption provides file security without changing the way you work. It
creates a 100MB encrypted drive that can be loaded and unloaded as required. It
combines ease of use and simple drag-and-drop operations with powerful 448 bit strong
encryption ensuring total security with phenomenal ease of use and maximum
convenience!"
Both products use the Blowfish algorithm.
Description:
Both versions of Cryptainer keep the password in clear text in the memory of the
process, neither encrypting it nor nullifying (zeroing) it after use. The password
remains visible as long as the following two conditions hold:
1. The user has entered the password at least once
2. Cryptainer is still running
Whether the encrypted volume is currently loaded makes no difference.
Since the product offers an option to minimize to the System Tray, it is quite
likely that a user keeps Cryptainer running without the encrypted volume loaded.
Such a user might assume that, because the volume is not loaded, the files are
safe. But an intruder who can dump the memory of the running process can ferret
out the password with relative ease. Besides the password, the path of the
volume file is also clearly visible in the dump.
Cryptainer also imposes no limit on the number of wrong password attempts. An
intruder therefore only needs to collect the memory dump, copy the volume (which
is actually one big file) at the path found in the dump onto his own machine,
and then run Cryptainer and try every string in the dump as the password until
one is accepted.
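The bug class described above, reduced to a runnable model. This is an added example and not Cryptainer's or NII's code: the session layout, the toy key derivation (a hash, not Blowfish or a real KDF), the volume "key check" field and all function names are assumptions made for the illustration. It shows the vulnerable pattern (password cached in resident state and never cleared, so it survives unloading the volume), the hardened pattern (password lives only in a stack buffer for the duration of key derivation and is then nullified with a zeroing routine the compiler cannot elide), and the attacker side (a `strings`-style walk over a dump of the process state, trying each printable run against the copied volume, which the lack of a lockout makes cheap).

```c
/* Added example, not Cryptainer's code. Session layout, derive_key (toy hash,
 * not Blowfish), the volume key_check field and all names are assumptions. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_MAX    64
#define KEY_LEN   16
#define VPATH_MAX 260

struct session {                 /* process state that stays resident in the tray */
    char    password[PW_MAX];    /* vulnerable variant keeps this populated */
    char    volume_path[VPATH_MAX];
    uint8_t key[KEY_LEN];
    int     volume_loaded;
};

struct volume { uint8_t key_check[KEY_LEN]; };   /* assumed container header */

/* Toy key derivation so the example has a key to retain. NOT a real KDF. */
static void derive_key(const char *pw, size_t n, uint8_t key[KEY_LEN]) {
    uint64_t h = 1469598103934665603ULL;                 /* FNV-1a, two lanes */
    for (size_t i = 0; i < n; i++) { h ^= (uint8_t)pw[i]; h *= 1099511628211ULL; }
    memcpy(key, &h, 8);
    h ^= 0x9e3779b97f4a7c15ULL; h *= 1099511628211ULL;
    memcpy(key + 8, &h, 8);
}

/* Zeroing the optimiser may not drop as a dead store (same purpose as
 * SecureZeroMemory on Windows or explicit_bzero on BSD/glibc). */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

static void copy_bounded(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (n >= cap) n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Vulnerable: password cached in the session (e.g. for a later remount) and
 * never cleared, so it outlives the mount and even the unload. */
void login_vulnerable(struct session *s, const char *pw, const char *path) {
    copy_bounded(s->password, PW_MAX, pw);
    copy_bounded(s->volume_path, VPATH_MAX, path);
    derive_key(s->password, strlen(s->password), s->key);
    s->volume_loaded = 1;
}

/* Hardened: the password exists only in a stack buffer while the key is
 * derived, then is nullified; only the derived key is retained. */
void login_hardened(struct session *s, const char *pw, const char *path) {
    char tmp[PW_MAX];
    copy_bounded(tmp, PW_MAX, pw);
    copy_bounded(s->volume_path, VPATH_MAX, path);
    derive_key(tmp, strlen(tmp), s->key);
    secure_zero(tmp, sizeof tmp);
    secure_zero(s->password, sizeof s->password);   /* field unused here; keep it clean */
    s->volume_loaded = 1;
}

/* Unloading should also discard key material, so a running-but-unloaded
 * application holds nothing worth dumping. */
void unload_volume(struct session *s) {
    s->volume_loaded = 0;
    secure_zero(s->key, sizeof s->key);
}

/* Stand-in for "run Cryptainer against the copied volume with this password". */
int volume_accepts(const struct volume *v, const char *candidate) {
    uint8_t k[KEY_LEN];
    derive_key(candidate, strlen(candidate), k);
    int ok = memcmp(k, v->key_check, KEY_LEN) == 0;
    secure_zero(k, sizeof k);
    return ok;
}

/* Attacker side: walk the dump like `strings`, try each printable run of at
 * least minlen bytes. No lockout, so cost is bounded only by the dump size.
 * Returns 1 and leaves the password in out on success, 0 otherwise. */
int recover_password(const uint8_t *dump, size_t len, const struct volume *v,
                     size_t minlen, char *out, size_t outcap) {
    size_t i = 0;
    while (i < len) {
        size_t start = i;
        while (i < len && isprint(dump[i])) i++;
        size_t run = i - start;
        if (run >= minlen && run < outcap) {
            memcpy(out, dump + start, run);
            out[run] = '\0';
            if (volume_accepts(v, out)) return 1;
        }
        i++;
    }
    out[0] = '\0';
    return 0;
}

/* Self-check over constructed input: 1 if the vulnerable session leaks the
 * password both while loaded and after unloading, and the hardened one does not. */
int demo(void) {
    static const char pw[] = "correct horse battery";       /* constructed sample */
    struct session s; struct volume v; char found[PW_MAX];
    derive_key(pw, strlen(pw), v.key_check);
    memset(&s, 0, sizeof s);
    login_vulnerable(&s, pw, "C:\\vaults\\secret.cxr");
    int leak_loaded = recover_password((const uint8_t *)&s, sizeof s, &v, 6, found, sizeof found)
                      && strcmp(found, pw) == 0;
    unload_volume(&s);
    int leak_unloaded = recover_password((const uint8_t *)&s, sizeof s, &v, 6, found, sizeof found);
    memset(&s, 0, sizeof s);
    login_hardened(&s, pw, "C:\\vaults\\secret.cxr");
    int leak_hardened = recover_password((const uint8_t *)&s, sizeof s, &v, 6, found, sizeof found);
    return leak_loaded && leak_unloaded && !leak_hardened;
}
```

Two caveats for anyone applying the hardened pattern to a real product. Nullifying the buffer the application owns does not reach copies made elsewhere: the GUI edit control that received the keystrokes, the caller's argument string, the pagefile, or registers and stack slots the compiler spilled to. And a real dump of a Windows process must be searched for UTF-16LE strings as well as the 8-bit runs modelled here, since GUI text is commonly held as wide characters.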
References:
A similar vulnerability was found in Password Safe, written by Bruce Schneier. He
acknowledged it, and it was addressed by the developer of the open-source version
of that product. Bruce Schneier's response is here:
http://www.counterpane.com/crypto-gram-0111.html#6
Impact:
First of all, the intruder needs physical access to the PC in order to gather a
memory dump. Moreover, Cryptainer must be running, with the encrypted volume
either loaded or unloaded; this is not uncommon. On the other hand, a physical
intrusion is precisely the event against which one relies on encryption software
to protect one's data, so physical access must be assumed to have occurred. The
probability of compromise is then that of Cryptainer sitting in the System Tray
after the user has entered the password at least once.
Vendor Response:
The vendor response is not entirely clear. We have corresponded with them
repeatedly since November 23rd. As far as we can make out, they will probably
look into it in their next release, sometime in the first quarter of 2003. Their
contention is also that, given the kind of physical access this requires, the
intruder might as well install a keylogger.
Workaround:
Do not keep Cryptainer minimized in the System Tray, even after unloading the
encrypted volume. Exit the software as soon as you have finished
encrypting/decrypting your files, by clicking the Shutdown and Exit button.
Note:
The software is otherwise reasonably secure; if you do not leave Cryptainer
running in the System Tray, you should be safe.
K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Tel: 91-22-22001530, 22006019
Email: cto@nii.co.in
Web: www.nii.co.in
=================================
The Unix Auditor's Practical Handbook
http://www.nii.co.in/tuaph.html
=================================