In association with heise online

Cracked

When we took a look at the data on the heap, we found a plain text string of "PwdHashes". Following this there were 40 bytes of data – right where you would expect two SHA-1 hashes to be found. A quick test with the password "test1234" revealed that the data structure had indeed grown by an additional 20 bytes to accommodate our test password's SHA-1 hash.

Memory dump with hash: checking with "echo -n heise1234 | sha1sum" reveals an unsalted SHA-1 hash of the password in memory.

Apparently, the developers added a password history function to the software to prevent passwords from being used twice. This is often called for in corporate environments, though the benefits are not proven. When asked about the software's features by heise-online UK, MXI Security told us that the password history feature is something that had been requested by their customers. It is a later addition, not part of the original product design. Password history is not enabled by default, but is an option that must be turned on using the MXI ACCESS security management software. Unfortunately, it seems the developers made a number of mistakes when they implemented this function. As a result we were able to obtain the plaintext password and access the encrypted partition.

The first mistake is that the comparison of the current password with the previous ones takes place on the PC and not on the stick, as the lack of any specific USB communication proves. The software reads the list of hashes from a region of the stick's memory. We then inserted the stick into a second PC that we had not yet included in the test and launched the login program, and sure enough the hashes were again visible. So the second mistake is that the memory containing the hashes is readable even if you haven't logged on. In fact, the login software even helps you by loading the password hashes on launch. Then, all you need to do is sic a debugger on the active process to extract them.

Which brings us to the third, final – and fatal – mistake: these hashes are a piece of cake to resolve – unsalted cake, that is. You can use rainbow tables to crack them fairly quickly. For instance, it would only take you around 15 minutes to crack an eight-character password consisting of both numbers and letters. It would not have taken much salt to have ruled out this type of attack entirely.

As already mentioned, MXI Security confirmed that this function was developed as an add-on for the enterprise version. As originally implemented, in return for a questionable gain in security, this add-on undermined the USB stick's otherwise sophisticated security concept. MXI Security said it was able to reproduce the attack based on our description. Within a week, the firm released a security advisory and updated its software to Access Enterprise 3.1 [2]. A brief test revealed that the hashes now have at least a grain of salt. The moral of all this is that designing and implementing a secure system requires very careful attention to detail. It also demonstrates how customer requirements, and the way security features are actually used in practice, often end up compromising security.
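To make the "unsalted cake" point and the "grain of salt" fix concrete, here is an added example (our code, not MXI's software or its 3.1 update). It parses a constructed blob laid out like the dump described above (the "PwdHashes" tag followed by 20 bytes per remembered password; anything beyond that layout is an assumption), shows that the plain SHA-1 scheme yields the same digest for a password on every stick, which is what makes precomputed tables work against it, and sets a salted, iterated alternative beside it. The salted scheme (per-entry random salt plus PBKDF2-HMAC-SHA1) is our illustration of "not much salt", not a description of how MXI actually fixed the product.

```python
import hashlib
import hmac
import os

TAG = b"PwdHashes"   # marker string found in the heap dump
DIGEST_LEN = 20      # SHA-1 output size; one entry per remembered password


def parse_history_blob(blob: bytes) -> list[bytes]:
    """Split the observed structure (tag, then N * 20 bytes) into SHA-1 digests.
    The assumption that nothing but digests follows the tag is ours."""
    start = blob.index(TAG) + len(TAG)
    body = blob[start:]
    n = len(body) // DIGEST_LEN
    return [body[i * DIGEST_LEN:(i + 1) * DIGEST_LEN] for i in range(n)]


def unsalted_history_hash(password: str) -> bytes:
    """The flawed scheme: plain SHA-1 of the password, no salt.
    Same password -> same 20 bytes on every stick, matching `echo -n pw | sha1sum`,
    so one precomputed table covers every device."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def unsalted_reuse_check(password: str, digests: list[bytes]) -> bool:
    """PC-side reuse check as the article describes it: hash candidate, compare."""
    candidate = unsalted_history_hash(password)
    return any(hmac.compare_digest(candidate, d) for d in digests)


def salted_history_hash(password: str, salt: bytes, iterations: int = 50_000) -> bytes:
    """Hardened alternative (our design): per-entry random salt plus an iterated KDF.
    PBKDF2-HMAC-SHA1 with dklen=20 keeps the entry size of the original layout."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, dklen=DIGEST_LEN)


def new_history_entry(password: str) -> tuple[bytes, bytes]:
    """Create a (salt, digest) pair; a fresh salt makes every entry unique."""
    salt = os.urandom(16)
    return salt, salted_history_hash(password, salt)


def salted_reuse_check(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Reuse check against salted entries: each entry must be recomputed with its
    own salt, so no table computed in advance applies."""
    return any(hmac.compare_digest(salted_history_hash(password, salt), d)
               for salt, d in history)


if __name__ == "__main__":
    # Constructed blob imitating the dump: some padding, the tag, two digests.
    blob = (b"\x00" * 8 + TAG
            + unsalted_history_hash("test1234")
            + unsalted_history_hash("heise1234"))
    digests = parse_history_blob(blob)
    print(len(digests), "entries; second =", digests[1].hex(),
          "(compare: echo -n heise1234 | sha1sum)")
    print("unsalted reuse of heise1234 detected:", unsalted_reuse_check("heise1234", digests))
    history = [new_history_entry("heise1234")]
    print("same password, different salted digest:",
          history[0][1] != new_history_entry("heise1234")[1])
    print("salted reuse of heise1234 detected:", salted_reuse_check("heise1234", history))
```

Run it as a script and the second parsed digest is exactly what `sha1sum` prints for the same password, while the two salted entries for "heise1234" differ from each other; a reviewer checking a password-history design can apply the same two tests (is the digest reproducible off-device, and does an identical password give an identical entry) before worrying about where the comparison runs.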

(ju)

Literature

[1] Policy For Stealth MXP, FIPS-Policy tests – PDF
[2] Security Bulletin: MXI06-001, Security bulletin from MXI Security
