Details of VAR-200306-0002

ID

VAR-200306-0002

CVE

CVE-2003-0270

TITLE

Apple AirPort administrator password encryption vulnerability

Trust: 1.2

sources: CNVD: CNVD-2003-1333 // CNNVD: CNNVD-200306-074

DESCRIPTION

The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol. The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information. AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed. If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device

Trust: 1.8

sources: NVD: CVE-2003-0270 // CNVD: CNVD-2003-1333 // BID: 7554 // VULHUB: VHN-7099

AFFECTED PRODUCTS

vendor:	apple	model:	802.11n	scope:	eq	version:	7.3.1	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	airport base station	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2003-1333 // BID: 7554 // CNNVD: CNNVD-200306-074 // NVD: CVE-2003-0270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0270
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200306-074
value:	HIGH
Trust: 0.6
VULHUB:	VHN-7099
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0270
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7099
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7099 // CNNVD: CNNVD-200306-074 // NVD: CVE-2003-0270

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200306-074

TYPE

Design Error

Trust: 0.9

sources: BID: 7554 // CNNVD: CNNVD-200306-074

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0270	Trust: 2.6
db:	BID	id:	7554	Trust: 2.0
db:	SECTRACK	id:	1006742	Trust: 1.7
db:	SECUNIA	id:	8773	Trust: 1.7
db:	CNNVD	id:	CNNVD-200306-074	Trust: 0.7
db:	CNVD	id:	CNVD-2003-1333	Trust: 0.6
db:	XF	id:	11980	Trust: 0.6
db:	ATSTAKE	id:	A051203-1	Trust: 0.6
db:	VULHUB	id:	VHN-7099	Trust: 0.1

sources: CNVD: CNVD-2003-1333 // VULHUB: VHN-7099 // BID: 7554 // CNNVD: CNNVD-200306-074 // NVD: CVE-2003-0270

REFERENCES

url:	http://www.atstake.com/research/advisories/2003/a051203-1.txt	Trust: 1.7
url:	http://www.securityfocus.com/bid/7554	Trust: 1.7
url:	http://securitytracker.com/id?1006742	Trust: 1.7
url:	http://secunia.com/advisories/8773	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11980	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/11980	Trust: 0.6
url:	http://www.apple.com/airport/	Trust: 0.3

sources: VULHUB: VHN-7099 // BID: 7554 // CNNVD: CNNVD-200306-074 // NVD: CVE-2003-0270

CREDITS

Jeremy Rauch※ jrauch@atstake.com※Dave G※ daveg@atstake.com

Trust: 0.6

sources: CNNVD: CNNVD-200306-074

SOURCES

db:	CNVD	id:	CNVD-2003-1333
db:	VULHUB	id:	VHN-7099
db:	BID	id:	7554
db:	CNNVD	id:	CNNVD-200306-074
db:	NVD	id:	CVE-2003-0270

LAST UPDATE DATE

2024-08-14T14:00:52.255000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-1333	date:	2003-05-12T00:00:00
db:	VULHUB	id:	VHN-7099	date:	2017-07-11T00:00:00
db:	BID	id:	7554	date:	2009-07-11T22:06:00
db:	CNNVD	id:	CNNVD-200306-074	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0270	date:	2017-07-11T01:29:30.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-1333	date:	2003-05-12T00:00:00
db:	VULHUB	id:	VHN-7099	date:	2003-06-16T00:00:00
db:	BID	id:	7554	date:	2003-05-12T00:00:00
db:	CNNVD	id:	CNNVD-200306-074	date:	2003-05-12T00:00:00
db:	NVD	id:	CVE-2003-0270	date:	2003-06-16T04:00:00