Friday, June 1, 2007

Flenov on Norton

Symantec Norton Ghost 10 Recovery Points Insecure Password Storage

Date: 1 May 07

Norton Ghost allows you to schedule snapshots of local disks for backup and recovery purposes. If these recovery points are set to save to a remote network share, Ghost will prompt the user to enter a user name and password for the share.

Password information entered into Ghost for this purpose is encrypted and saved to the local file system in the application's home directory, which has read access allowed for all users.

The encryption key used by Ghost to decrypt these stored credentials is derived from the MD5 hash of the plain text user name stored in the configuration file. Since every user on the system has read access to these configuration files, any user can decrypt the stored passwords.

This vulnerability is the result of insecure encryption utilization plus insecure file permissions.
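To check the file-permission half of this issue on a host, the following PowerShell sketch lists files under a directory that broad built-in groups are allowed to read. It is an added example, not code from the advisory or from Symantec; `$ConfigDir` is a placeholder because the advisory does not give the actual path, and `Get-BroadReadAccess` is a hypothetical helper name.

```powershell
# Added example: flag files that broad groups are allowed to read.
# $ConfigDir is a placeholder; the advisory does not state the real path.
param(
    [string]$ConfigDir = 'C:\Path\To\Ghost\ConfigDir'   # placeholder
)

# Well-known SIDs are used instead of names so the check works on localized Windows.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$ReadData = [System.Security.AccessControl.FileSystemRights]::ReadData
$SidType  = [System.Security.Principal.SecurityIdentifier]

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { $acl = Get-Acl -LiteralPath $file.FullName }
            catch { Write-Warning "Cannot read ACL: $($file.FullName)"; return }

            # Explicit and inherited rules, with identities returned as SIDs.
            # Only Allow entries are reported; this is not an effective-access
            # calculation, so a Deny entry may still block the read.
            foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
                $sid = $rule.IdentityReference.Value
                if ($rule.AccessControlType -eq 'Allow' -and
                    $BroadSids.ContainsKey($sid) -and
                    ($rule.FileSystemRights -band $ReadData)) {
                    [pscustomobject]@{
                        File      = $file.FullName
                        Principal = $BroadSids[$sid]
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
}

Get-BroadReadAccess -Path $ConfigDir | Format-Table -AutoSize
```

Any file this reports that holds stored credentials should have its ACL restricted to the owning account and administrators, independently of how the contents are encrypted.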

Solution: download the latest update from the vendor via LiveUpdate.
