[36160] in bugtraq
Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption
daemon@ATHENA.MIT.EDU (Dave Warren)
Wed Aug 18 08:08:41 2004
Message-ID: <4121E007.4090407@devilsplayground.net>
Date: Tue, 17 Aug 2004 04:37:59 -0600
From: Dave Warren <dave.warren@devilsplayground.net>
MIME-Version: 1.0
To: Adik <netninja@hotmail.kg>
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
In-Reply-To: <1092676733.4120ec7d5c7c1@www.hotmail.kg>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-MDaemon-Deliver-To: bugtraq@securityfocus.com
Adik wrote:
>IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
>encrypt its user passwords. Have a look at attached proof of concept tool, which will decrypt user password from local machine instantly.
>
>
Unfortunately being able to decrypt passwords is absolutely required in
order to support APOP, or SMTP CRAM-MD5 authentication.
With that in mind, this isn't so much a bug, but rather a design flaw
necessitated to support the protocols involved.
--
Dave Warren,
Email/MSN MSG: dave.warren@devilsplayground.net
Phone: (403) 770-6140 Vonage: (817) 886-0860
Cell: (403) 371-3470 Toll free: (888) 371-3470
ICQ: 17848192 AIM: devilspgd
