GE Fanuc Proficy Real-Time Information Portal Sensitive Information Disclosure Vulnerability

Vulnerability ID: 1187836 | Vulnerability type: Cryptographic issue
Published: 2008-01-25 | Updated: 2008-11-10
CVE ID: CVE-2008-0174 | CNNVD-ID: CNNVD-200801-408
Affected platform: N/A | CVSS score: 5.0
|Vulnerability source
https://www.securityfocus.com/bid/30754
https://cxsecurity.com/issue/WLB-2008010088
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200801-408
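|Vulnerability details
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier versions use HTTP Basic authentication, which sends the username and password as base64-encoded plaintext, allowing remote attackers to steal passwords and gain privileges.
|Vulnerability EXP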
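The check below is an added example, not part of the original record or the C4 advisory: it audits HTTP requests for Basic credentials and rates them by transport, showing that the base64 step needs no key to reverse. The host name, account and requests are constructed samples, and `audit_request` is a hypothetical helper name.

```python
import base64
import binascii

# Constructed sample requests (hypothetical host and credentials, not real traffic).
BASIC = "Authorization: Basic b3BlcmF0b3I6czNjcmV0"   # base64("operator:s3cret")
SAMPLE_REQUESTS = [
    ("http",  f"GET /portal/ HTTP/1.1\r\nHost: portal.example\r\n{BASIC}\r\n\r\n"),
    ("https", f"GET /portal/ HTTP/1.1\r\nHost: portal.example\r\n{BASIC}\r\n\r\n"),
    ("http",  "GET /portal/ HTTP/1.1\r\nHost: portal.example\r\n"
              "Authorization: Basic !!!notbase64\r\n\r\n"),
    ("http",  "GET /portal/ HTTP/1.1\r\nHost: portal.example\r\n\r\n"),
]


def audit_request(scheme, raw_request):
    """Return a finding for a request carrying Basic credentials, else None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        auth_scheme, _, token = value.strip().partition(" ")
        if auth_scheme.lower() != "basic":
            return None
        try:
            # Base64 is an encoding, not encryption: no key is needed to reverse it.
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return {"severity": "info", "user": None, "note": "malformed Basic token"}
        user, _, password = decoded.partition(":")
        exposed = scheme == "http"
        return {
            "severity": "high" if exposed else "ok",
            "user": user,
            "password_len": len(password),       # report length only, never the secret
            "note": ("credentials readable by anyone on the network path"
                     if exposed else "credentials protected in transit by TLS"),
        }
    return None


if __name__ == "__main__":
    for scheme, request in SAMPLE_REQUESTS:
        print(scheme, audit_request(scheme, request))
```
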
Background
-----------------
GE-Fanuc's Proficy Information Portal 2.6 is a web based reporting
application for the SCADA environment. As such it will usually be installed
in a buffer zone between the SCADA and the corporate network, which makes it
a very sensitive application as it can access both networks.
 
Description
----------------
The login process of Proficy involves sending the username in cleartext and
the password in Base64 encoded format. This transmission can potentially be
intercepted and decoded by an attacker with access to the data traffic.
 
Impact
----------
An attacker can harvest user credentials by intercepting the traffic between
the browser and the Proficy server.
 
Affected Versions
-------------------------
Proficy Information Portal 2.6
Previous versions may be vulnerable, as they were not tested.
 
Workaround/Fix
-----------------------
The vendor issued a KB article on how to resolve this vulnerability at the
GE-Fanuc website, yet the proposed solution was not verified by C4.
 
Additional Information
-------------------------------
For additional information please contact us at info (at) c4-security (dot) com. Note
that we will respond only to verified utility personnel and governmental
agencies.
The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0174
 
Credit
---------
This vulnerability was discovered by Eyal Udassin of C4.
 
Regards,
 
Eyal Udassin - C4 (Formerly Swift Coders)
33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel
eyal.udassin (at) c4-security (dot) com / www.c4-security.com
+972-547-684989
|Affected products
GE Fanuc Proficy Real-Time Information Portal 2.6
|References

Source: BID
Name: 30754
Link: http://www.securityfocus.com/bid/30754
Source: BUGTRAQ
Name: 20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/487075/100/0/threaded
Source: support.gefanuc.com
Link: http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459
Source: SECTRACK
Name: 1019273
Link: http://securitytracker.com/id?1019273
Source: BUGTRAQ
Name: 20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/487244/100/0/threaded
Source: SREASON
Name: 3590
Link: http://securityreason.com/securityalert/3590