Telecommunication Software SAMwin Contact Center Suite 5.1 Password SAMwinLIBVB.dll passwordScramble improper authentication
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.0 | $0-$5k | 0.13 |
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble
in the library SAMwinLIBVB.dll of the component Password Handler. The manipulation with an unknown input leads to a improper authentication vulnerability. The CWE definition for the vulnerability is CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. As an impact it is known to affect confidentiality, and integrity.
The weakness was published 03/13/2014 by Tobias Ospelt and Max Moser with modzero AG as MZ-13-07 as not defined advisory (Website). The advisory is available at modzero.ch. The public release has been coordinated with the vendor. This vulnerability was named CVE-2013-10004. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are known, but there is no available exploit. Responsible for the vulnerability is the following code:
void function passwordScramble n = strlen(pwd) pwd = toupper(pwd) hashsum = 0 for (i = 0; i < n; i++) { hashsum += (i+1) * pwd[i]; } return hashsumThe advisory points out:
The probability that a certain hash value occurs is highly non-uniform (...) It roughly resembles a slightly skewed normal distribution centered around 3700 with a standard deviation of about 450. 90% of all possible password inputs will result in hash values between 3000 and 4500. The odds that a randomly chosen password from the 5.44 * 10^19 possible values will have the exact hash value 3700 is about 1:1138. An attacker is able to exploit this statistical property to speed up a brute-force attack: he constructs a list of password candidates with exactly one password for every possible hash value. Optimally, he guesses candidates from this list in order of descending probability.
The vulnerability was handled as a non-public zero-day exploit for at least 174 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 6.2 eliminates this vulnerability. The advisory contains the following remark:
It is recommended to limit the number of possible password tries for all accounts. The vendor will not provide any fixes for previous versions.
Similar entries are available at 12789 and 12788.
Affected
- Telecommunication Software SAMwin Contact Center Suite 5.1
- Telecommunication Software SAMwin Agent 5.01.19.06
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.5
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: SAMwin Contact Center Suite 6.2
Timeline
09/20/2013 🔍09/24/2013 🔍
03/13/2014 🔍
04/03/2014 🔍
05/24/2022 🔍
Sources
Advisory: MZ-13-07Researcher: Tobias Ospelt, Max Moser
Organization: modzero AG
Status: Not defined
Coordinated: 🔍
CVE: CVE-2013-10004 (🔍)
See also: 🔍
Entry
Created: 04/03/2014 17:21Updated: 05/24/2022 15:15
Changes: 04/03/2014 17:21 (53), 03/31/2019 21:58 (1), 05/24/2022 15:15 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.