Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Multiple Vulnerabilities In P-Synch Password Management

From: JeiAr (jeiarkmfms.com)
Date: Thu May 29 2003 - 00:26:21 CDT

Multiple Vulnerabilities In P-Synch Password Management
The other night I came across a server running P-Synch.
I had never heard of it so i was curious to poke around
on it a bit. Within an hour i found the vulns listed below.
Im pretty sure there are other more serious vulns in
P-Synch, but they are very picky about who they give thier
software to, even an evaluation version. So was not able
to test any further. However i encourage any admins running
P-Synch to poke around on it, just to be on the safe side.

P-Synch Total Password Management Solution
P-Synch is a total password management solution. It is
intended to reduce the cost of ownership of password systems,
and simultaneously improve the security of password protected
systems. This is done through: -Password Synchronization.
-Enforcing an enterprise wide password strength policy.
-Allowing authenticated users to reset their own forgotten
passwords and enable their locked out accounts. -Streamlining
help desk call resolution for password resets. P-Synch is
available for both internal use, on the corporate Intranet,
as well as for the Internet deployment in B2B and B2C


All of these problems are simple, self explanatory vulns
so, i'm sure the below examples will speak for themselves.
Once again this application was NOT thoroughly researced.
So anyone with a copy of P-Synch might wanna explore it

Path Disclosure Vulnerability

Code Injection Vulnerability
https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]

File Include Vulnerability

All credits go to JeiAr of GulfTech Computers and CSA
Security Research http://www.gulftech.org