AOH :: HP Unsorted C :: B1A-1137.HTM

Cyberoam SSL VPN Client - Plain-text Storage of Username and Password
=?us-ascii?Q?Cyberoam_SSL_VPN_Client_-_Plain-text_Storage_of_Username_and?= =?us-ascii?Q?_Password?=
=?us-ascii?Q?Cyberoam_SSL_VPN_Client_-_Plain-text_Storage_of_Username_and?= =?us-ascii?Q?_Password?=

Cyberoam SSL VPN Client - Plain-text Storage of Username and Password

Vulnerability Summary:
Product: Cyberoam SSL VPN Client v1.0
Vendor: eLiteCore
Platform: Windows
Vulnerability Classification:  Insecure Storage of User Credentials
Issue Fixed in Version: Cyberoam SSL VPN
Issue Discovered By: Wasim Halani (washal)
Organization: Network Intelligence India Pvt. Ltd.
Advisory Link: 
Date of Advisory: 26th May, 2010

Product Info: 
 "SSL VPN client is used for establishing remote connections in full access
mode. A remote user having an internet connection can download and install
SSL VPN Client. Once the client is installed, an encrypted tunnel is
established for secure access to the corporate network after providing user

Vulnerability Description:
The Cyberoam SSL VPN client (CrSSL.exe) provides the user with an option to
save their credentials on the system for later use.

[IMG: ] 

These details (username and password) are stored in the Windows registry
under the HKEY_CURRENT_USER hive. 
The credentials are stored in plain-text in respective keys at the below
My Computer\HKEY_CURRENT_USER\Software\SslElite\CrSSL-Client
[IMG: ] 

Vendor Communication:
27th October, 2009 - Vendor informed about vulnerability
28th October, 2009 - Confirmation of receipt of email
6th November, 2009 - Vendor confirms issue. To be considered a 'feature
3rd March, 2010    - Vendor informs us that the next firmware release will
fix the issue.
5th May, 2010      - Vendor confirms that the version of the
Cyberoam SSL VPN and its corresponding SSL VPN client do not have the

[IMG: ] 

Upgrade to the latest Cyberoam SSL VPN version of the, available on the
vendor website 

We would like to thank Mr. Rakesh Patel of eLitCore for the cooperation he
has shown in fixing the vulnerability.

Wasim Halani
Security Analyst
Network Intelligence India Pvt. Ltd. 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to