
Vulnerabilities

The document reports on two vulnerabilities discovered in Faronics Deep Freeze software: 1) A weakly encrypted password is disclosed that allows complete access to the Deep Freeze configuration interface. An attacker can dump process memory or issue an IO control call to obtain the encrypted password. 2) A hashed customization code stored in executable files can be used to generate a one-time password and gain configuration access. The vulnerabilities affect multiple versions of Deep Freeze Standard, Enterprise, and Server editions. Proof-of-concept code is referenced but not provided. Faronics was not notified of the issues in advance of public disclosure.


Considering that:

a) Faronics is sending DMCA notices to researchers describing vulnerabilities in their products[1];
b) there is no security contact or PGP key available on the Faronics website;
c) these bugs require local user access and cannot be exploited remotely;

Faronics was not notified in advance.

Faronics Deep Freeze weakly-encrypted password disclosure vulnerability
----------------------------------------------------------------------
Application Vendor: Faronics
Vendor URL: http://www.faronics.com
Discovered by: kao <kao.was.here@gmail.com>
Date discovered: Nov-2012
Public disclosure date: Mar-2013
Type of vulnerability: Weak Cryptography - Design Flaw

Background
---------
Faronics Deep Freeze is an application that allows system administrators to protect the core operating system and configuration files on a workstation or server by restoring a computer back to its original configuration each time the computer restarts. According to the Faronics website, the software is installed on over 5 million workstations worldwide.

Versions affected
----------------
This vulnerability has been successfully tested on the following versions:
Faronics Deep Freeze Standard 6.10..7.51
Faronics Deep Freeze Enterprise 6.00..7.51
Faronics Deep Freeze Server Standard 6.30..7.51
Faronics Deep Freeze Server Enterprise 6.30..7.51
However, it is suspected that most previous versions are also affected.

Description of vulnerability
---------------------------
The DeepFreeze user-mode process requests DeepFreeze configuration information from the driver using an IoControl call. The returned buffer contains not only the product configuration but also an xor-encrypted password that allows complete access to the DeepFreeze configuration interface. The decryption key is also present in the buffer.
There are several possible attack vectors:
- An attacker can dump the frzstate2k.exe process memory and locate the encrypted password in it.
- An attacker can issue an IoControl call and receive configuration information including the encrypted password.

Proof-of-Concept
---------------
See Meltdown and its source code.
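
Added example (not part of the original advisory, and not Faronics or Meltdown code): why an xor-encrypted password returned together with its key gives no confidentiality, next to a design in which the privileged side keeps only a salted slow hash and answers yes/no. The buffer layout, field sizes and all names below are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 4  # constructed layout: [4-byte key][1-byte length][xor-ed password]

def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def weak_config_buffer(password: bytes, key: bytes) -> bytes:
    """Flawed pattern: ciphertext and its key are returned together."""
    return key + bytes([len(password)]) + xor(password, key)

def recover_from_weak_buffer(buf: bytes) -> bytes:
    """What any reader of the buffer can do; no secret is needed."""
    key, length = buf[:KEY_LEN], buf[KEY_LEN]
    return xor(buf[KEY_LEN + 1:KEY_LEN + 1 + length], key)

class PrivilegedVerifier:
    """Hardened pattern: the privileged side keeps a salted slow hash and
    answers yes/no; nothing password-derived is handed to user mode."""
    ITERATIONS = 200_000

    def __init__(self, password: bytes):
        self._salt = os.urandom(16)
        self._digest = self._derive(password)

    def _derive(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, self.ITERATIONS)

    def config_for_user_mode(self) -> dict:
        return {"frozen": True, "password_set": True}  # non-secret state only

    def check(self, candidate: bytes) -> bool:
        return hmac.compare_digest(self._derive(candidate), self._digest)

if __name__ == "__main__":
    sample = weak_config_buffer(b"S3cret!", b"\x10\x20\x30\x40")  # constructed
    print(recover_from_weak_buffer(sample))
    v = PrivilegedVerifier(b"S3cret!")
    print(v.config_for_user_mode(), v.check(b"S3cret!"), v.check(b"guess"))
```

Even a salted hash should stay on the privileged side: returning it to user mode would still allow offline guessing.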

Faronics Deep Freeze Enterprise Customization Code Hash disclosure vulnerability
-------------------------------------------------------------------------------
Application Vendor: Faronics
Vendor URL: http://www.faronics.com
Discovered by: kao <kao.was.here@gmail.com>
Date discovered: Nov-2012
Public disclosure date: Mar-2013
Type of vulnerability: Weak Cryptography - Design Flaw

Background
---------
Faronics Deep Freeze is an application that allows system administrators to protect the core operating system and configuration files on a workstation or server by restoring a computer back to its original configuration each time the computer restarts. According to the Faronics website, the software is installed on over 5 million workstations worldwide.

Versions affected
----------------
This vulnerability has been successfully tested on the following versions:
Faronics Deep Freeze Enterprise 6.00..7.51
Faronics Deep Freeze Server Enterprise 6.30..7.51
However, it is suspected that most previous versions are also affected.

Description of vulnerability
---------------------------
After administrator console installation, the product asks the user to enter a unique "Customization Code". An xor-encrypted 32-bit hash of the Customization Code is stored in dfc.exe, frzstate2k.exe and dfserv.exe. These files are later installed on client machines.
Anyone who has read access to these files (including the Guest account) can extract the 32-bit hash and use it to generate a One Time Password (OTP) and therefore gain complete access to the Deep Freeze configuration interface.

Proof-of-Concept
---------------
See Meltdown and its source code.

References:
[1] http://www.chillingeffects.org/notice.cgi?sID=262
