
timbuktu.txt

Posted Feb 22, 2002
Authored by Ernesto Tequila | Site digreb.de

Timbuktu Pro 4.5 Build 869 and below stores the usernames in clear text in an unlocked file, allowing anyone to replace the tb2.plu file with one created at home with a known username / password combination and no restrictions at all. After a restart of the Timbuktu application it reads the new user / passes from the file, granting the intruder full administrator access.

SHA-256 | 0463c1c6762ce3fad56297e7af028a4c466c4889129d7ab93da7f9adefa2c80d


o0O Digital_Rebels O0o

- Advisory #1 -


--[Facts]--

Advisory : DR.Timbuktu.Database.Insecurity

Date : 19.02.02

Application : Timbuktu Pro 4.5 Build 869
(former versions are likely to be affected, too)

Impact : Overriding User-Database

Author : Ernesto Tequila


--[Introduction]--

</snip>

For IT professionals, Timbuktu Pro means the best
remote control technology for reducing the Total
Cost of Ownership, while simultaneously increasing
productivity across the enterprise. For telecommuters,
Timbuktu is an indispensable remote collaboration and
communications tool that enables professionals to
connect to remote machines in real time.

</snap>

--[Advisory]--

Timbuktu is a Remote Access Server / Client for Windows
and Mac environments. It gives the user control over
the server according to the restrictions set in the
User-Database of the server. All user information is
stored on the server side in a file called tb2.plu which
normally resides in <device>:\Programme\Timbuktu Pro.
Timbuktu stores the usernames in cleartext in this file
giving anyone the possibility to look up user accounts.
Even more critical is the point that this file is not
locked during the operation of the server, giving
intruders the possibility to replace the tb2.plu file
with one created at home with a known username /
password combination and no restrictions at all. After
a restart of the Timbuktu application it reads the new
user / passes from the file, granting the intruder full
administrator access!
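
With no patch available, one defensive check is to detect a swapped tb2.plu before the application is restarted and loads it. The following is an added example, not part of the original advisory or of Timbuktu; the function names, the baseline file name and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(path):
    """Return size and SHA-256 of the user database at `path`."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": os.path.getsize(path), "sha256": h.hexdigest()}

def save_baseline(db_path, baseline_path):
    """Record the known-good state; keep baseline_path outside the install dir."""
    with open(baseline_path, "w") as f:
        json.dump(fingerprint(db_path), f)

def check(db_path, baseline_path):
    """Return 'ok', 'missing' or 'replaced' for the database file."""
    with open(baseline_path) as f:
        known = json.load(f)
    if not os.path.isfile(db_path):
        return "missing"
    return "ok" if fingerprint(db_path) == known else "replaced"

def demo():
    """Constructed sample: a stand-in tb2.plu is baselined, then swapped."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "tb2.plu")
        base = os.path.join(d, "tb2.baseline.json")
        with open(db, "wb") as f:
            f.write(b"constructed placeholder contents A")
        save_baseline(db, base)
        before = check(db, base)
        with open(db, "wb") as f:
            f.write(b"constructed placeholder contents B")
        after = check(db, base)
        os.remove(db)
        gone = check(db, base)
        return before, after, gone

if __name__ == "__main__":
    print(demo())
```

Authorized account changes also modify the file, so the baseline has to be re-recorded after each one, and it should live where accounts that can write to the Timbuktu directory cannot reach it.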

--[Patch]--

No patch available at the moment

Check www.netopia.com for updates!

--[Contact]--

Ernesto Tequila <ernesto@digreb.de>

www.digreb.de

--[Shouts]--

..:: DigReb, HDC, THC ::..

..:: Rolex, xaitax, Lazarus, Leh, Semmel, marts, hb-man ::..
