Advertisement




Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2012080188

Below is a copy:

CWE-316: Plain-text Storage in Memory
(http://cwe.mitre.org/data/definitions/316.html)
Attack Phase: Post-Exploitation
Activity Class: Sensitive Data Harvesting


1. OVERVIEW

An insecure application development practice is still prevalent in
popular applications that load sensitive information (i.e. user
credentials) unencrypted in their respective process memory. Remote
attackers who compromise a user's system or malicious softwares could
scan a particular process memory for sensitive information.


2. AFFECTED SOFTWARES

- iTunes (Tested on 10.x)
- pfingoTalk (Tested on version: 4.x)
- pidgin (Tested on version: 2.x)
- Tencent QQ (Tested on version: QQ2009 SP3)
- zFTP Server (Tested on version: 2011-04-13)
- FileZilla (Tested on version 3.x)
- ...

3. PROOF-OF-CONCEPT/EXPLOIT

- a) pmdump.exe [Process ID] Process.dump
- b) bin_find.py Process.dump [Password/Username]
or
strings.exe -a -n 5 Process.dump


4. CREDIT

This vulnerability was discovered by Myo Soe, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


5. REFERENCES

Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/%5Bmultiple-apps%5D_plain-text_storage_in_memory
pmdump: http://ntsecurity.nu/toolbox/pmdump/
bin_find.py : http://core.yehg.net/lab/pr0js/tools/bin_find.py
http://core.yehg.net/lab/pr0js/training/view/CWE-316_plaintext-storage-in-memory/
http://www.metasploit.com/modules/post/windows/gather/memory_grep/
http://carnal0wnage.attackresearch.com/2009/03/dumping-memory-to-extract-password.html

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.