Vulnerabilities > CVE-2007-5460 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0

047910
CVSS 4.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
low complexity
microsoft
CWE-327

Summary

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1
OS
Microsoft
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Encryption Brute Forcing
    An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • Cryptanalysis
    Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: 1. Total Break - Finding the secret key 2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key. 3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known 4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 25976 CVE(CAN) ID: CVE-2007-5460 Microsoft ActiveSync是用于同步计算机与PDA的应用程序。 ActiveSync设备建立连接口令交换的过程实现上存在漏洞,攻击者可能利用此漏洞获取口令信息。 插入到USB口时设备会使用类似于标准网络接口的连接,获得IP地址后设备会通过RAPI在990/TCP端口初始化与主机的通讯,这个过程也会经历一个小型的握手例程,如果合适的话,会对主机挑战设备PIN或口令。用户提供了主机的PIN/口令后,会通过XOR与E9固定密钥进行混淆,然后通过USB网络连接发送给设备进行验证。 这个过程会产生两个漏洞。首先,如果攻击者能够嗅探主机的网络连接的话,就可以恢复PIN/口令;其次,攻击者可以欺骗USB设备的插入过程诱骗用户提供PIN/口令。 以下面的报文为例: 0000 82 00 60 0f e8 00 80 00 60 0f e8 00 08 00 45 00 ..`..... `.....E. 0010 00 32 59 95 40 00 80 06 49 31 a9 fe 02 02 a9 fe .2Y.@... I1...... 0020 02 01 03 de 05 d0 e8 c0 cb c0 56 2e 41 75 50 18 ........ ..V.AuP. 0030 fa 6a 91 dd 00 00 08 00 d8 e9 db e9 da e9 dd e9 .j...... ........ 36字节处为口令长度(8个字节),之后为空,然后为与E9混淆的口令。由于对口令使用了UNICODE字符串,因此每第二个字节都为0x00 XOR 0xE9等于0xE9。 Microsoft ActiveSync 4.1 Microsoft Windows Mobile 5.0 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.microsoft.com/technet/security/" target="_blank">http://www.microsoft.com/technet/security/</a>
idSSV:2308
last seen2017-11-19
modified2007-10-18
published2007-10-18
reporterRoot
titleMicrosoft ActiveSync弱口令混淆信息泄露漏洞