Vulnerability Note VU#392654

Baramundi Management Suite transmits data and stores keys and credentials insecurely

Original Release date: 01 Oct 2013 | Last revised: 21 Aug 2014

Overview

Baramundi Management Suite versions 7.5 to 8.9 contains multiple vulnerabilities related to clear-text credential storage and transmission.

Description

CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593

Baramundi Mangement Suite versions 7.5 to 8.9 transfers data in cleartext between the server and clients, and stores data in cleartext.

CWE-312: Cleartext Storage of Sensitive Information - CVE-2013-3624
When Baramundi Management Suite versions 7.5 to 8.9 is used for OS deployment, it stores the credentials in an unencrypted form on the deployed systems.

CWE-321: Use of Hard-coded Cryptographic Key - CVE-2013-3625
Baramundi Management Suite versions 7.5 to 8.9 utilizes a hard-coded encryption key stored in a dll file.

The CVSS score below applies to CVE-2013-3593.

Impact

Since the software is used as an operating system deployment solution, it must have administrative rights to operate. As such, there are several impacts:

Privilege Escalation

  • Administrative privileges can be obtained on any local machine that was installed via Baramundi Management Suite.
  • Administrative privileges in Microsoft Active Directory can potentially be obtained.

Credential Theft
  • Credentials may be obtained by sniffing the traffic on the network.

Solution

Apply an Update
Baramundi Management Suite 2014 addresses CVE-2013-3593 and CVE-2013-3624. While a public download is not available, baramundi software AG requests that customers contact technical support.

Encrypt network traffic
Use layer 3 encryption between clients and servers to prevent sniffing attacks.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
baramundi software AGAffected30 Jul 201318 Jun 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N
Temporal 6.3 E:F/RL:W/RC:UC
Environmental 1.6 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Damir Bozic for reporting this vulnerability.

This document was written by Chris King.

Other Information

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.