Gator stores unencrypted card numbers

  1. #1
    Senior Member cwk9
    Join Date
    Feb 2002
    Posts
    1,211

    Gator stores unencrypted card numbers

    I don't think many people here use junk spyware programs like Gator, but if you do or know someone who does, you might want to read this.

    The source
    http://www.snpx.com/cgi-bin/news.cgi...y/1006891.html

    Gator eWallet Discloses Credit Card Numbers and Passwords to Local Users and Other Information to Remote Users
    SecurityTracker Alert ID: 1006891
    CVE Reference: GENERIC-MAP-NOMATCH
    Date: May 31 2003
    Impact: Disclosure of authentication information, Disclosure of user information
    Exploit Included: Yes
    Advisory: NovaPPC Security Research Group
    Description: Lorenzo Manuel Hernandez Garcia-Hierro of NovaPPC Security reported that the Gator eWallet discloses credit cards and passwords to local users. In addition, the Gator Corporation backup servers disclose some user information to remote users.

    It is reported that Gator eWallet stores private information, potentially including credit card numbers and passwords, on the target user's computer without encryption. The software reportedly uses Base64 encoding instead of an encryption algorithm.

    The following files are used to store Gator eWallet information on the local system:

    mepgh.dat
    mepcme.dat
    meprca.dat
    mepcmeft.dat
    GMT.exe.manifest
    meperr.dat
    mepgus.dat
    mepoe m.dat
    mepsnd-gs.dat
    mepsnd-ksa.dat
    mepcat.dat
    sitehash4.dat

    It is also reported that a remote user can retrieve arbitrary user data files from the Gator backup servers.

    A demonstration exploit is provided:

    GET /scripts/xx/xxY.com.ffz HTTP/1.0
    Accept: */*
    X-UA: WinInet 6.0.xxxx.1, 1.1, 1.0
    If-Modified-Since: Thu, 06 Apr 2000 20:00:06 GMT
    User-Agent: Gator/4.1 Script 0
    SLRetries: 1
    SL-LastServer: xx.gator.com
    SL-LastErr: 12152
    SL-LastErr: 12152
    From: [SPOOFED USER /REQUEST ID]
    Script-Version: 0.4
    Product-Version: 4.1.2.5
    SL-Version: 2
    RunMode: 2
    Host: xxbackup.gator.com
    Connection: open

    In the above demonstration, 'xx' is the first two characters of the domain user data file and 'Y' is the remaining characters in the domain. The 'ffz' is the file extension of the script files used by the backup server.

    [Editor's note: It is not clear exactly what kind of information can be retrieved from the backup servers. We have asked for clarification and will update this alert with any new details.]

    Additional information is provided (in Spanish language text) at:

    http://security.novappc.com/gator-analisis
    Impact: A local user can view private personal information stored in the eWallet.

    A remote user can obtain some data files for arbitrary users from the eWallet backup servers (operated by Gator Corporation).
    Solution: No solution was available at the time of this entry.
    Vendor URL: www.gator.com/about/
    Cause: Access control error
    Underlying OS: Windows (Any)
    Reported By: Lorenzo Hernandez Garcia-Hierro <novappc@novappc.com>
    Message History: None
    Base64 can be converted to decimal form using the Windows calculator or AntiOnline's very own "encrypted text program": http://www.antionline.com/tools-and-toys/encrypt-text/
    Or by hand if you like doing things the hard way.
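
Added example, not part of the original post or the quoted advisory: a small audit check a defender could run over an application's own data files to confirm the advisory's point that Base64 is an encoding, not encryption, since the stored value is recovered without any key. The record layout, the function names and the standard test card number 4111111111111111 are constructed for illustration; the page does not give the layout of the Gator .dat files.

```python
import base64
import binascii
import re

# Base64 runs long enough to hold a card number, and 13-19 digit candidates.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
PAN = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - ord("0")
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """First 6 / last 4 only, so the finding does not re-expose the number."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def find_encoded_pans(blob: bytes) -> list[str]:
    """Masked card numbers recoverable from Base64 runs in blob, no key needed."""
    hits = []
    for run in B64_RUN.findall(blob):
        try:
            decoded = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue                # not well-formed Base64
        hits += [mask(p) for p in PAN.findall(decoded) if luhn_ok(p)]
    return hits


# Constructed record (hypothetical layout, standard test card number).
SAMPLE = b"name|alice\nwallet|" + base64.b64encode(b"cc=4111111111111111;exp=0105") + b"\n"

if __name__ == "__main__":
    for hit in find_encoded_pans(SAMPLE):
        print("card number stored with encoding only:", hit)
```

Any hit from a check like this means the field needs real encryption with a key kept outside the data file, or should not be stored at all.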

  2. #2
    Senior Member
    Join Date
    Apr 2003
    Posts
    103
    Nice post. A few months ago I got that crap on my system at work.
    "Trying to outsmart a compiler defeats much of the purpose of using one." Kernighan & Plauger, The Elements of Programming Style.

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    115
    Great post. Our organization is working on all these wares that we've been able to subdue for the time being. Feels like there is a conspiracy with these types of company and them!!! I may need to go to the dark side and find out the truth.

    -w0rm3y
