From: ByteRage [byterage@yahoo.com]
Sent: Friday, July 20, 2001 9:24 AM
To: bugtraq@securityfocus.com
Subject: NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows

NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows

AFFECTED SYSTEMS

NWAuth module as used by DMail, SurgeFTP, others... (cf. www.netwinsite.com)
I've tested SurgeFTP in particular.

The source code for NWAuth 2.0 can be found at http://www.netwinsite.com/dmail/nwauth.htm
The source is provided for all platforms, and for Windows and most Unix-based platforms it is pre-compiled, as nwauth.exe or nwauth.

DESCRIPTION

The 'NetWin Authentication module' which is used by SurgeFTP, DMail and other programs uses a quite 'unusual' hashing algorithm to store the password hashes. Because of the complexity of the hashing algorithm, the users of NWAuth may not be aware of it, but the algorithm is flawed in (at least) two ways:

1) the password hashes can be decrypted
2) one hash can match more than one password

So basically I'm saying that one user doesn't have one password, but he can have a few million besides the one that he was actually assigned. (no comment...)

Fortunately, SurgeFTP has some anti-hammering techniques implemented to prevent brute-forcing.

As for the decryption, I've attached source code (nwauthcrack.c) that will generate all possible passwords for a given hash.

The password hashes used by e.g. SurgeFTP can be found within the files \surgeftp\admin.dat (sysadmin password) & \surgeftp\nwauth.clg (user passwords).

Storing the passwords using MD5 hashes would probably be a better idea, maybe with a simple cipher added on top to prevent the average script kiddie from attacking the password file with canned tools. (this type of hashing is done by Serv-U FTP) And if one really wants to implement salting, then append the username to the password and feed it into the MD5 hashing algorithm; it has the same effect, it's easier and much more secure.
=-=-

NWAuth also has a lot of buffer overflows riddled throughout the source code (especially older versions, like 2.0), which might lead to serious flaws in programs that use this module. Although version 2.0 probably contained many more of them, here are some examples of buffer overflows which are still not fixed in version 3.0b:

-> the nwauth -del command causes an access violation when supplied with a very long username; this might not be a big deal since only administrators are supposed to delete users

-> the nwauth -lookup command causes an access violation when supplied a username of about 1000 characters; this might be triggered by an attacker if the program passed this username on from a "USER" command

greetz,
[ByteRage]
byterage@yahoo.com
[http://byterage.cjb.net]
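The -lookup crash reported above is the shape of a fixed-size stack buffer filled by an unbounded copy. The following is an added illustration, not NWAuth's own code (the post does not reproduce the module's source): a hypothetical lookup routine using strcpy into a stack buffer, beside a bounded version that refuses any name longer than an assumed USERNAME_MAX before it touches the buffer. The user table, the record layout, the 64-byte limit and the helper names are all assumptions made for the example.

```c
/* Added example, not NWAuth's code. Shows the unbounded-copy pattern behind
 * a "-lookup with a ~1000-character username" crash, and a bounded version
 * that rejects such input instead of overflowing. USERNAME_MAX, the record
 * layout and the sample table are assumptions for illustration only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define USERNAME_MAX 64   /* assumed buffer size; NWAuth's real limit is unknown */

struct user_rec { const char *name; const char *hash; };

/* Constructed sample table standing in for an nwauth.clg user file. */
static const struct user_rec users[] = {
    { "alice", "hash-of-alice" },
    { "bob",   "hash-of-bob"   },
};
static const size_t nusers = sizeof users / sizeof users[0];

/* VULNERABLE pattern: strcpy with no length check. A name longer than
 * USERNAME_MAX - 1 bytes writes past buf into adjacent stack memory, which
 * is the kind of access violation the advisory describes. Kept only to show
 * the bug; do not call it with untrusted input. */
int lookup_unbounded(const char *name)
{
    char buf[USERNAME_MAX];
    strcpy(buf, name);                       /* overflow if name is too long */
    for (size_t i = 0; i < nusers; i++)
        if (strcmp(users[i].name, buf) == 0) return (int)i;
    return -1;
}

/* Returns 1 if name is non-NULL and its terminator lies within USERNAME_MAX
 * bytes, 0 otherwise. Scans at most USERNAME_MAX bytes, so a multi-kilobyte
 * name is rejected without ever reading it fully. */
int username_length_ok(const char *name)
{
    if (name == NULL) return 0;
    for (size_t i = 0; i < USERNAME_MAX; i++)
        if (name[i] == '\0') return 1;       /* fits, including the NUL */
    return 0;                                /* no NUL within the bound: too long */
}

/* HARDENED: check the length first, then copy a size that is known to fit.
 * Returns the table index, -1 for unknown user, -2 for an over-long name. */
int lookup_bounded(const char *name)
{
    char buf[USERNAME_MAX];
    if (!username_length_ok(name)) return -2;
    memcpy(buf, name, strlen(name) + 1);     /* strlen < USERNAME_MAX here */
    for (size_t i = 0; i < nusers; i++)
        if (strcmp(users[i].name, buf) == 0) return (int)i;
    return -1;
}

/* Builds a name of `len` 'A' characters (the advisory's ~1000-char probe)
 * and runs it through the bounded lookup. Returns lookup_bounded's result. */
int lookup_long_name(size_t len)
{
    char *name = malloc(len + 1);
    if (name == NULL) return -3;             /* allocation failure sentinel */
    memset(name, 'A', len);
    name[len] = '\0';
    int rc = lookup_bounded(name);
    free(name);
    return rc;
}

int main(void)
{
    printf("lookup_bounded(\"bob\")   = %d\n", lookup_bounded("bob"));
    printf("lookup_long_name(1000) = %d (rejected, not crashed)\n",
           lookup_long_name(1000));
    return 0;
}
```

The only difference that matters is ordering: the hardened path decides whether the input fits before any byte reaches the stack buffer, so a 1000-character "USER" argument becomes an error return rather than a write past the end of buf.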