Executive Summary

Summary
Title CollabNet ScrumWorks Basic Server transmits credential information in plaintext
Informations
Name VU#547167 First vendor Publication 2011-01-21
Vendor VU-CERT Last vendor Modification 2011-01-21
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#547167

CollabNet ScrumWorks Basic Server transmits credential information in plaintext

Overview

Communication between the Collabnet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client transmits credential information in plaintext.

I. Description

The communication between the CollabNet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client is transmitting credential information in plaintext. The CollabNet ScrumWorks Basic Server communicates with the CollabNet ScrumWorks Desktop Client using unencrypted java objects. These unencrypted java objects contain the username and password of the active user or (by calling specific functions) all users on the CollabNet ScrumWorks Basic Server.

An additional vulnerability exists in CollabNet ScrumWorks where the ScrumWorks Basic Server stores unencrypted client username and passwords in its internal database.

II. Impact

An attacker could view the credentials of the active client or all of the authenticated client's username and password hashs using a packet capturing tool.

III. Solution

CollabNet has stated to CERT that the client passwords are encrypted in CollabNet ScrumWorks Pro, and there are no plans for adding an encryption feature into CollabNet ScrumWorks Basic. CollabNet ScrumWorks Basic should not be used for sensitive data.

Restrict access

Restrict network access to the CollabNet ScrumWorks and other devices using open protocols like HTTP.

Vendor Information

VendorStatusDate NotifiedDate Updated
CollabNetAffected2010-12-202011-01-17

References

Credit

Thanks to David Elze from Daimler TSS Technical Security for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public:2011-01-21
Date First Published:2011-01-21
Date Last Updated:2011-01-21
CERT Advisory: 
CVE-ID(s):CVE-2011-0410
NVD-ID(s):CVE-2011-0410
US-CERT Technical Alerts: 
Severity Metric:14.40
Document Revision:21

Original Source

Url : http://www.kb.cert.org/vuls/id/547167

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
70602 ScrumWorks Basic Server Base64-encoded Credentials Transmission

ScrumWorks Basic Server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the login credentials for the server are transmitted as Base64-encoded text, which will disclose login information to a remote attacker via sniffing network traffic.
70601 ScrumWorks Basic Server server/scrumworks/data/hypersonic/scrumworks.log Plai...

ScrumWorks Basic Server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the login credentials for the server component are stored in cleartext within the 'server/scrumworks/data/hypersonic/scrumworks.log' file, which will disclose login information to a local attacker.