Hello together, we’ve found the following vulnerability below.
Affected software: Tomedo Server 1.7.3 Vulnerability type: Cleartext Transmission of Sensitive Information & Weak Cryptography for Passwords Vulnerable version: Tomedo Server 1.7.3 Vulnerable component: Customer Tomedo Server that communicates with Vendor Tomedo Update Server Vendor report confidence: Confirmed Fixed version: Version later then 1.7.3 Vendor notification: 20/09/19 Solution date: 25/09/19 CVE reference: CVE-2019-17393 CVSS Score: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Credits: Chris Hein, ProSec GmbH Communication Timeline: 20th September 2019 Initial contact - no response 25th September second contact attempt 28th September Vendor responded and released an update 14th October fulldisclosure Vulnerability Details: The Customer’s Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication what’s makes it possible to base64 decode the sniffed credentials and get hold of the username and password. Proof of concept: Capture the traffic between the Tomedo servers via a proxy or a MITM attack and base64 decode the credentials from the HTTP GET request. Best regards / Mit freundlichen Grüßen Dr. h.c. Tim Schughart CEO / Geschäftsführer -- ProSec GmbH Robert-Koch-Straße 1-9 56751 Polch Website: https://www.prosec-networks.com E-Mail: i...@prosec.networks.com Phone: +49 (0)261 450 930 90 Sitz der Gesellschaft / Company domiciled in: Polch Registergericht / registry Court: Amtsgericht Koblenz, HRB 26457 Geschäftsführer: Tim Schughart UST-IdNr./ VAT ID: DE321817516 "This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED information and is intended only for the named recipient(s). Any unauthorized use, dissemination, copying or forwarding is strictly prohibited. If you are not the intended recipient and have received this email communication in error, please notify the sender immediately, delete it and destroy all copies of this E-Mail. "Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und vernichten alle Kopien. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/