注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

醉雨他乡游的博客

—— 记录生活中的点点滴滴, 开心与伤心, 回忆与憧憬, 成功与失败, 酸甜苦辣

 
 
 

日志

 
 

6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities  

2015-06-14 14:16:04|  分类: Weak Encryption |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities - tetraph - Tetraph  的博客
 



6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities



Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities

Vendor: 6kbbs

Product: 6kbbs

Vulnerable Versions: v7.1   v8.0

Tested Version: v7.1   v8.0

Advisory Publication: June 08, 2015

Latest Update: June 10, 2015

Vulnerability Type: Inadequate Encryption Strength [CWE-326]

CVE Reference: *

CVSS Severity (version 2.0):

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)






Recommendation Details:



(1) Vendor & Product Description:



Vendor:

6kbbs




Product & Vulnerable Versions:

6kbbs

v7.1

v8.0




Vendor URL & download:

6kbbs can be gain from here,

http://www.6kbbs.com/download.html





Product Introduction Overview:

"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small; Interface generous and good scalability; functional and practical pursuing superior performance, good interface, the user's preferred utility functions. Forum Technical realization (a) interface : using XHTML + CSS structure, so the structure of the page , easy to modify the interface ; save the transmission static page code , greatly reducing the amount of data transmitted over the network ; improve the interface scalability , more in line with WEB standards, support Internet Explorer, FireFox, Opera and other major browsers. (b) Program : The ASP + ACCESS mature technology , the installation process is extremely simple , the environment is also very common."



"(1) PHP version : (a) 6kbbs V8.0 start using PHP + MySQL architecture. (b) Currently ( July 2010 ) is still in the testing phase , 6kbbs V8.0 is the latest official release. (2) ASP Version: 6kbbs (6k Forum) is an excellent community forum process . The program is simple but not simple ; fast , small ; interface generous and good scalability ; functional and practical . pursue superiority , good interface , practical functions of choice for subscribers."






(2) Vulnerability Details:

6kbbs web application has a computer security problem. It can be exploited by weak encryption attacks. The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.



Several 6kbbs products 0-day web cyber bugs have been found by some other bug hunter researchers before. 6kbbs has patched some of them. "The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" A great many of the web securities have been published here.





Source Code:

<?php

if(empty($row)){

        $extrow=$db->row_select_one("users","username='{$username}'");

        if(!empty($extrow) && !empty($extrow['salt'])){

                if(md5(md5($userpass).$extrow['salt'])==$extrow['userpass']){

                        $row=$extrow;

                        $new_row["userpass"]=$userpass_encrypt;

                        $new_row["salt"]="";

                        $db->row_update("users",$new_row,"id={$extrow['id']}");

                }

        }

}

?>




Source Code From:

http://code.google.com/p/6kbbs/source/browse/trunk/convert/discuz72/loginext.php?r=16



We can see that "userpass" stored in cookie was encrypted using "$userpass" user password directly. And there is no "HttpOnly" attribute at all. Since md5 is used for the encryption, it is easy for hackers to break the encrypted message.



"The MD5 message-digest cryptography algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. Papers about it have been published on Eurocrypt, Asiacrypt and Crypto. Meanwhile, researchers focusing on it spread in Computer Science, Computer Engineering, IEEE and Mathematics. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. The source code in RFC 1321 contains a "by attribution" RSA license." (Wikipedia)










References:

http://seclists.org/fulldisclosure/2015/Jun/34

http://lists.openwall.net/full-disclosure/2015/06/11/6

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02160.html

https://packetstormsecurity.com/files/132270/6kbbs-7.1-8.0-Weak-Cryptography.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/2092

http://tetraph.blog.163.com/blog/static/234603051201551415853846/#

http://essaybeans.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html

https://mathfas.wordpress.com/2015/06/14/6kbbs-weak-encryption/

http://tetraph.com/security/weak-encryption/6kbbs-v8-0-weak-encryption/

http://securityrelated.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html

https://vulnerabilitypost.wordpress.com/2015/06/11/6kbbs-v8-0-weak-encryption/

http://www.inzeed.com/kaleidoscope/computer-security/6kbbs-v8-0-weak-encryption/
















  评论这张
 
阅读(11)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017