J-Security Center

Title: McKesson Pathways Homecare Weak Username and Password Encryption Vulnerability

Severity: MODERATE

Description:

McKesson Pathways Homecare is a client/server application used to track patient information, billing information and medical records for home care patients. It uses a Microsoft SQL database to store the records and a Visual Basic client application.

The administrative username and password for access to the SQL database are encrypted in the pwhc.ini file on the client system. The encryption method used to store these is very weak and can be easily reversed.

The following steps are taken during the encryption of the username/password:

The username or password is first reversed (username becomes emanresu) and its number of letters is counted. A numeric sequence is then used to salt the result; which sequence is used depends on whether the username or password has an even or odd number of letters.

If the count is even, the salting sequence begins with 7. Each subsequent value is produced by alternately subtracting 3 from the previous value and adding 5 to it (i.e., 7, 4, 9, 6, 11, 8, etc.).

If the count is odd, the salting sequence begins with 3. Each subsequent value is produced by alternately adding 5 to the previous value and subtracting 3 from it (i.e., 3, 8, 5, 10, 7, 12, etc.).

The sequence continues for as many positions as there are letters in the username or password. Each number in the sequence is then subtracted from the character (ASCII) value of the letter at the corresponding position.

The username and password used to access the Visual Basic client are also stored with an easily reversible encryption method. Passwords can be a maximum of 15 characters.

If the username or password has an even number of characters, the salting sequence is "FDHFJHLJNLPNRP".

If the username or password has an odd number of characters, the salting sequence is "CGEIGKIMKOMQOSQ".

The ASCII value of each character in the salting sequence is then subtracted from the ASCII value of the character at the same position in the password.
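The two schemes above, modelled as an added example (this is not code from the advisory or from McKesson; the function names are assumptions). Both transforms derive their per-position offsets purely from the credential's length, so the inverse needs no key, which is the whole weakness:

```python
# Added example (not the advisory's or vendor's code): model of both reversible encodings.

SQL_EVEN = (7, (-3, 5))   # even-length credential: 7, 4, 9, 6, 11, 8, ...
SQL_ODD = (3, (5, -3))    # odd-length credential:  3, 8, 5, 10, 7, 12, ...
CLIENT_EVEN_SALT = "FDHFJHLJNLPNRP"    # client-login salt for even lengths
CLIENT_ODD_SALT = "CGEIGKIMKOMQOSQ"    # client-login salt for odd lengths
CLIENT_MAX_LEN = 15

def sql_salt_sequence(length):
    """Per-position offsets for the pwhc.ini (SQL credential) scheme.
    They depend only on the credential length, so there is no secret key."""
    start, steps = SQL_EVEN if length % 2 == 0 else SQL_ODD
    seq, value = [], start
    for i in range(length):
        seq.append(value)
        value += steps[i % 2]      # alternate the two step sizes
    return seq

def client_salt_sequence(length):
    """Per-position offsets for the Visual Basic client login scheme."""
    salt = CLIENT_EVEN_SALT if length % 2 == 0 else CLIENT_ODD_SALT
    return [ord(c) for c in salt[:length]]

def sql_obfuscate(secret):
    """Reverse the string, then subtract the offset from each ASCII value."""
    rev = secret[::-1]
    return [ord(c) - k for c, k in zip(rev, sql_salt_sequence(len(rev)))]

def sql_deobfuscate(values):
    """Inverse: add the same public offsets back and undo the reversal."""
    seq = sql_salt_sequence(len(values))
    return "".join(chr(v + k) for v, k in zip(values, seq))[::-1]

def client_obfuscate(secret):
    """Subtract the salt string's ASCII values position by position (no reversal)."""
    if len(secret) > CLIENT_MAX_LEN:
        raise ValueError("client credentials are at most 15 characters")
    return [ord(c) - k for c, k in zip(secret, client_salt_sequence(len(secret)))]

def client_deobfuscate(values):
    """Inverse of client_obfuscate; again needs nothing but the algorithm."""
    seq = client_salt_sequence(len(values))
    return "".join(chr(v + k) for v, k in zip(values, seq))

if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    stored = sql_obfuscate("Example1")
    print(stored, "->", sql_deobfuscate(stored))
```

Any storage format whose inverse can be written from the algorithm alone provides obfuscation, not confidentiality; the mitigation is to keep the credential out of a client-side file or protect it with a properly keyed mechanism.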

Affected Products:

  • McKesson Pathways Homecare 6.5.0
