[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hamachi Password Disclosure Vulnerability

Hamachi VPN Client Password Disclosure Vulnerability

1) Infos
Date : 2008-03-24
Product : Hamachi VPN Client
Version :
Vendor : www.hamachi.it/
Vendor Status :
2008-03-24 - Not Informed

Discovered/Provided By :

Giuseppe `Evilcry` Bonfa' - http://evilcry.altervista.org

E-mail : 


2) Security Issues

--- [ Password Disclosure Vulnerability ] ---

Hamachi is a Client for Trusted VPN Tunneling.
It presents a Password Disclosure Vulnerability, because User and Passwords
are not correctly protected for Memory Sniffing Attacks, so a local attacker,
with a basical Process Memory Dumper, could obtain the Connection Password.

--- [ PoC ] ---

If a user has saved him/her own Password, a malicious user can launch a 
Process Memory Dumper and look through the dumped memory and with a simple 
string searching he can retrieve user /password 

Useful keywords:


--- [ Patch ] ---

- No patch available from the vendor.