March 2014 Archives
2014-03-13
Multiple weaknesses in SAMwin call-center solution
Today, we published two advisories about weaknesses in the SAMwin Center Suite and SAMwin Agent by Telecommunication Software GmbH, a SIP-based call-center solution.
Architecture
The first issue is a very basic weakness in the architecture of
the software: hard-coded passwords that allow anyone to connect
directly to the back-end database servers of any deployment. This is
pretty bad, because the database stores not only user accounts and
passwords but also details and configuration regarding
call forwarding etc. All access credentials can be extracted from
the executable files of the software installation.
Details about this can be found in our security advisory
MZ-13-06_SAMwin_Architectural_Issues.txt.
Password-Hashing
The second advisory details weaknesses in the proprietary
password-hashing algorithm.
The employed algorithm has unfavorable statistical properties and
is prone to collisions:
It is possible to create a sequence of password candidates to
optimally cover the space of possible hash values. With 3000
guesses in this sequence, an attacker will successfully gain access
with a probability of 99.9%. And with 5743 guesses he is able to
cover the whole space of possible hash values and succeed with
certainty.
All details and background on this issue can be found in our
security advisory
MZ-13-07_SAMwin_Collisions.txt.
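The following audit sketch is an added example, not code from the advisory or from the vendor. It measures how quickly a fixed list of unrelated guesses matches stored hashes when the hash output space is small, compared with SHA-256. The toy_hash function, the 101-value space and all sample passwords are constructed assumptions; this post does not describe the SAMwin algorithm itself.

```python
import hashlib
from collections import Counter
from itertools import product
from string import ascii_lowercase

SPACE = 101  # size of the toy hash's output space (assumption for this example)

def toy_hash(password):
    """Constructed weak hash, NOT the SAMwin algorithm: weighted byte sum mod SPACE."""
    return sum((i + 1) * b for i, b in enumerate(password.encode())) % SPACE

def sha256_hash(password):
    """Full-width reference hash for comparison."""
    return hashlib.sha256(password.encode()).hexdigest()

def coverage(hash_fn, candidates, population):
    """Pick one candidate per hash value, most common value first, and return
    (guesses, curve); curve[k-1] is the share of `population` whose stored
    hash equals the hash of one of the first k guesses."""
    weight = Counter(hash_fn(p) for p in population)
    representative = {}
    for c in candidates:
        representative.setdefault(hash_fn(c), c)  # first candidate per value
    ranked = sorted((h for h in representative if h in weight),
                    key=lambda h: -weight[h])
    matched, curve = 0, []
    for h in ranked:
        matched += weight[h]
        curve.append(matched / len(population))
    return [representative[h] for h in ranked], curve

# Constructed sample data: 400 "stored" passwords and 17576 unrelated guesses.
POPULATION = [w + str(n) for w in ("summer", "winter", "agent", "call")
              for n in range(100)]
CANDIDATES = ["".join(t) for t in product(ascii_lowercase, repeat=3)]

if __name__ == "__main__":
    guesses, curve = coverage(toy_hash, CANDIDATES, POPULATION)
    print(f"toy hash: {len(guesses)} guesses match {curve[-1]:.0%} of accounts")
    guesses, curve = coverage(sha256_hash, CANDIDATES, POPULATION)
    print(f"sha256:   {len(guesses)} guesses match any account")
```

Running the same measurement against a candidate replacement hash shows whether its output space is large enough that unrelated guesses never match.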
Credits:
- David Gullasch
- Max Moser
- Tobias Ospelt
References:
- http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt
- http://www.modzero.ch/advisories/MZ-13-07_SAMwin_Collisions.txt
- http://www.telecomsoftware.com/samwin/