Macintosh At Ease Apple Share automated login "feature"
|Description:||By default, At Ease will automate the login process to AppleShare servers, and store the login and password in clear text in the At Ease Preference file. You can usually read this file trivially by exploiting applications (like netscape file:// URLs).|
|Author:||Paul Melson <melson@SCNC.HOLT.K12.MI.US>|
|Compromise:||Unauthorised access to an AppleShare fileserver.|
|Vulnerable Systems:||Macintoshes, running At Ease and using the Auto Login "feature". |
|Date:||21 May 1997 |
Date: Wed, 21 May 1997 08:31:41 -0400
From: Paul Melson <melson@SCNC.HOLT.K12.MI.US>
Subject: Re: Mac/At Ease/Netscape File Access Exploit
> That's just the tip of the iceberg. Since the machine being attacked is
> 'netted' (obviously, else it wouldn't be running Netscape), there is lots
> more fun you can have with it. For example, given an email account
> somewhere you can use the 'mail url' feature to send yourself any file on
> the system, regardless of priviliges. A good file to send would be the
> 'At Ease Preferences' file which contains the master At Ease preferences.
> Once you have obtained this, cracking the password is trivial with a
> program such as DisEase, thus leading to a total comprimise.
Yep, and it gets worse. If you use an AppleShare server
(NetWare running APPLETLK.NLM or Linux running atalkd
would also count) as At Ease's startup volume, then At
Ease will automate the login process to the server. This
is be nasty because whoever is logged in when At Ease
is set up would automatically be logged in to the file
server every time At Ease starts up thereafter. But it
gets worse - the login information (ServerID, UserID,
Password) is stored in the 'At Ease Preferences' file.
This can be disabled from within the 'At Ease Setup
(Workgroups)' utility by simply un-checking the box
labeled 'Always remember the user's last-used AppleShare
logins.' But since the default is to use the auto-login
feature, I figured it was worth mentioning. FYI, disabling
this feature doesn't remove the original copy of the
AppleShare login information from the preferences file.
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: