Title: Bardon Data Systems WinU Weak Encrypted Password Vulnerability
Severity: HIGH
Description:
Bardon Data Systems WinU is a full Windows 95/98/NT user interface replacement with added security features.
Versions of WinU prior to 5.2 utilizes a weak encryption scheme to encode its administrative password. The password is stored under HKEY_CLASSES_ROOT\WinU4\Config or HKEY_CLASSES_ROOT\WinU5\Config (depending on the version).
For versions 4.x - 5.0 of WinU, the encryption formula is as follows:
154 - ascii code value = encrypted value
Therefore, the letter "A" whose ascii code value is 65 would appear as 89 in encrypted form. The password is then reversed to further obfuscate the original value.
For version 5.1 of WinU, the encryption formula is as follows:
ascii code value + 101 = encrypted value
Deciphering the administrative password would yield full control over the WinU interface.
Affected Products:
- Bardon Data Systems WinU 5.1.0
References:
- Bardon Data Systems: WinU Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
