TITLE:
Meridian Prolog Manager Password Brute Force Weakness

SECUNIA ADVISORY ID:
SA28065

VERIFY ADVISORY:
http://secunia.com/advisories/28065/

CRITICAL:
Less critical

IMPACT:
Brute force, Exposure of sensitive information

WHERE:
From local network

SOFTWARE:
Meridian Prolog Manager 2007
http://secunia.com/product/16981/
Meridian Prolog Manager 7.x
http://secunia.com/product/16980/

DESCRIPTION:
A weakness has been reported in Meridian Prolog Manager, which can be
exploited by malicious people to brute force user passwords.

The weakness is caused due to the server transmitting an encrypted
dataset of all usernames and passwords to a client during login,
using a weak encryption. This can be exploited to disclose usernames
and passwords on the network via brute force attacks.

The complexity of the brute force attacks reportedly depends on which
encryption setting was chosen ("No Encryption", "Standard
Encryption", "Enhanced Encryption").

The weakness is reported in Prolog Manager versions 2007 and 7.5.
Other versions may also be affected.

SOLUTION:
Use in a trusted network environment only and use the "Enhanced
Encryption" option.

PROVIDED AND/OR DISCOVERED BY:
An anonymous person ("Prolog Error").

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2007-12/0150.html

OTHER REFERENCES:
US-CERT VU#120593:
http://www.kb.cert.org/vuls/id/120593
http://www.kb.cert.org/vuls/id/MIMG-77FL3T