SECURITYVULNS:DOC:13249

[NEWS] Daylite Password Disclosure

2006-06-19 00:00:00
vulners.com

The following security advisory is sent to the securiteam mailing list, and can be found at the
SecuriTeam web site: http://www.securiteam.com


The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


Daylite Password Disclosure

SUMMARY

" <http://www.marketcircle.com/> Daylite 3 is a new generation of
productivity management software. "

Bad design of the password retrieval feature allows attackers to obtain
login passwords in Daylite.

DETAILS

Vulnerable Systems:

  • Daylite version 1.7 and above
  • Daylite version 3 and prior

When connecting to the Daylite server, a valid user name must be provided,
but any value can be entered as the password. After rejecting the login,
Daylite offers to send the password by email. Selecting this option sends
an email containing the target user's password to the target user's
configured email address.

The vulnerability exists because the email is sent using the SMTP server
configuration of the client system, which is under the attacker's control.
By using a network sniffer, or by pointing the client system's SMTP
settings at a server the attacker controls, the password can easily be
discovered. The attacker can then connect to the Daylite server using the
disclosed password.

Workaround:
Ensuring that all users are configured with no email address will prevent
the client from attempting to send the password by email.

However, it's not clear that this will prevent a client from retrieving
passwords without authentication.
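As an added illustration (not code from the advisory or from Marketcircle), the flawed retrieval design described above is shown next to the hardened replacement a vendor would ship instead: the server stores only salted password hashes, mails a short-lived one-time reset token rather than the password itself, and uses its own mail transport rather than the client's SMTP settings. The user record, the mailer callback and the reset URL are constructed assumptions for the example.

```python
import hashlib, hmac, os, secrets, time

# Flawed design from the advisory: the server keeps a recoverable password and
# mails it back after a failed login via a mailer the client chooses (sample data).
FLAWED_USERS = {"alice": {"password": "s3cret", "email": "alice@example.test"}}

def flawed_recover(username, send_mail):
    user = FLAWED_USERS[username]
    send_mail(user["email"], f"Your password is {user['password']}")
    return user["password"]  # the secret leaves the server in the clear

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HardenedAuth:
    """Salted hashes only; reset via a one-time token sent by a server-side mailer."""
    def __init__(self, mailer, ttl=900):
        self.users = {}    # username -> (salt, digest, email)
        self.tokens = {}   # sha256(token) -> (username, expiry)
        self.mailer = mailer  # assumed callable(to, body); fixed server-side transport
        self.ttl = ttl

    def add_user(self, username, password, email):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt), email)

    def login(self, username, password):
        rec = self.users.get(username)
        if rec is None:
            return False
        salt, digest, _ = rec
        return hmac.compare_digest(digest, _hash(password, salt))

    def request_reset(self, username, now=None):
        rec = self.users.get(username)
        if rec is None:
            return  # silent for unknown users, so names are not enumerable
        token = secrets.token_urlsafe(32)
        expiry = (time.time() if now is None else now) + self.ttl
        self.tokens[hashlib.sha256(token.encode()).digest()] = (username, expiry)
        self.mailer(rec[2], f"Reset link: https://daylite.example.test/reset?token={token}")

    def complete_reset(self, token, new_password, now=None):
        key = hashlib.sha256(token.encode()).digest()
        username, expiry = self.tokens.pop(key, (None, 0))  # single use
        if username is None or (time.time() if now is None else now) > expiry:
            return False
        self.add_user(username, new_password, self.users[username][2])
        return True
```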

Disclosure Timeline:
May 11, 2006 - Initial vendor contact (via
http://www.marketcircle.com/kb/contact.php)
May 18, 2006 - Repeat vendor contact (via [email protected])
May 24, 2006 - Daylite 3.0.3 released – vulnerability confirmed in new
version
May 25, 2006 - Contact to [email protected] for assistance
June 7, 2006 - Added Credit and Workaround sections
June 7, 2006 - Repeat vendor contact (via [email protected],
[email protected], [email protected],
[email protected], [email protected], and
[email protected])
June 13, 2006 - Public Disclosure

ADDITIONAL INFORMATION

The information has been provided by <mailto:[email protected]>
Security Alert.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
[email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]

====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages.