Title: Funk Software Proxy Weak Password Storage Vulnerability
Severity: MODERATE
Description:
Proxy is a remote host administration tool distributed and maintained by Funk Software. It is available for the Microsoft Windows platforms.
A problem with Proxy could make it possible for users to gain elevated privileges on a system. The problem is in the storage of password values.
Proxy uses weak encryption to store the password values of Proxy. In doing so, passwords allowing the remote login of administrators may be recovered. This could lead to a user gaining elevated privileges on a host.
On Windows 2000 and NT 4.0 hosts, the password is stored in the registry. On Windows 9X systems, this value is stored in the PHOST.INI file, contained in the Proxy install directory. This problem is compounded by the vulnerability Bugtraq ID 4458 titled "Funk Proxy Weak Default Installation Permissions Vulnerability."
Affected Products:
- BindView NETrc 1.0.0
- BindView NETrc 3.0.06
- Funk Software Proxy 3.0.0
- Funk Software Proxy 3.6.0
- Funk Software Proxy 3.9.0
- Funk Software Proxy 3.9.0a
References:
- Funk Software: Proxy Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
