{"vuid":"VU#120593","idnumber":"120593","name":"Meridian Prolog Manager uses weak authentication to store and transmit user credentials","keywords":["Prolog Manager","information disclosure","predictable encryption","user credentials","INFO#11101"],"overview":"Meridian Systems Prolog Manager does not use sufficiently strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords.","clean_desc":"Meridian Systems Prolog Manager is a set of construction project management tools that are designed to interface with a Microsoft SQL Server. Prolog Manager administrators can choose to use one of the following methods to encrypt the passwords: no encryption\nstandard encryption\nenhanced encryption\nBy default, no encrytion is selected, and Prolog Manager does not use sufficiently strong encryption when standard encryption or enhanced encryption are selected. In addition, when a client logs into Prolog Manager, the authentication credentials of all users in the system are returned to the client. An attacker could obtain credentials by sniffing network traffic or by sending an invalid login request to the Prolog Manager server and capturing the response. The attacker may then be able to decrypt passwords offline.","impact":"An attacker who can intercept network traffic or send an invalid loin request can obtain authentication credentials and decrypt passwords.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Use database and network encryption \nEnabling the enhanced encryption option may increase the effort required for an attacker to decrpt passwords. See the Meridian November 2004 Product Tip for more information about enabling encryption. Using an encrypted VPN or similar technology when accessing the Prolog Manager server may prevent an attacker from sniffing network traffic.","sysaffected":"","thanks":"Information about this vulnerability was posted on the \nbugtraq\n mailing list.","author":"This document was written by Ryan Giobbi.","public":["http://www.meridiansystems.com/products/prolog/PM/projectmanagementtools.asp","http://www.meridiansystems.com/newsevents/newsletter/Newsletter_November_04_tip.htm","http://www.securityfocus.com/archive/1/484886/30/0/threaded","http://www.microsoft.com/protect/yourself/password/create.mspx","http://secunia.com/advisories/28065/"],"cveids":["CVE-2007-6330"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-08-20T17:27:46Z","publicdate":"2007-12-11T00:00:00Z","datefirstpublished":"2007-12-17T18:13:25Z","dateupdated":"2007-12-19T17:35:41Z","revision":44,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"19","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"3","cam_impact":"10","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"1.771875","cam_scorecurrentwidelyknown":"1.85625","cam_scorecurrentwidelyknownexploited":"3.54375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.771875,"vulnote":null}