COMMAND

Arkeia

SYSTEMS AFFECTED

Arkeia 4.2

PROBLEM

Quentyn Taylor found the following. Arkeia simplifies data protection by providing automated backup and recovery. The system supports a wide variety of computers, operating systems and storage devices. It is easy to install, configure and use. It is fast, reliable and scales from a few systems to an enterprise.

The client-gui <-> server communication is not encrypted by default (the passwords are - see later) and a wealth of interesting information is sent in the clear. The information sent by the client-gui could easily lead to remote root compromise. The client logs into the server in the normal way; a person sniffs the traffic between the client-gui and the server. Many installations of Arkeia will be installed on remote sites and controlled remotely via the client-gui (available for most architectures). The client-gui appears not to communicate in a secure way with the server, possibly allowing an attacker to compromise an Arkeia account.

By default the security options in /usr/knox/nlp/auth* are not activated. These options do not appear to change encryption options. Encryption, we believe, costs extra:

http://support.arkeia.com/cgi-bin/arkeia/solution?11=000811-0000&130=0965990356&14=&2715=&15=&2716=&57=search&58=&2900=E1KciKRhYN&25=7&3=encryption

In the default install /usr/knox/ is mode 755 (chmoding it to 750 root:root solves this). Also by default the "root" account (the default administrator account) password is set to null. If this product was installed in a non-secured environment there could be a "race condition" to see who could set the password first.

The password is hashed with the crypt function using a constant salt (the characters "n3"), so passwords are effectively 8 characters maximum. Authentication success / failure info is sent in the clear.

License information - the full set of license information is sent in the clear (including version, serial, organization, key, expiry and the type of drive the product is licensed for).

Username - the username and role are sent in the clear (so that you know which account to compromise).

Weak passwords (network packet dumps from Ethereal - xena is the Arkeia server):

0000 00 b0 d0 22 e2 d0 00 b0 d0 78 96 73 08 00 45 00 .°Ð"âÐ.° Ðx.s..E.
0010 00 9b 86 ea 40 00 40 06 2f 47 c0 a8 01 33 c0 a8 ...ê@.@. /GÀ¨.3À¨
0020 01 a8 04 01 02 69 0d 92 7e 0f 1c 9e 41 36 80 18 .¨...i.. ~...A6..
0030 29 e0 a9 27 00 00 01 01 08 0a 01 90 10 14 60 b8 )à©'.... ......`¸
0040 48 b3 00 69 00 01 00 00 00 5f 4c 00 49 4e 4f 44 H³.i.... ._L.INOD
0050 45 00 78 65 6e 61 00 49 50 41 53 53 57 4f 52 44 E.xena.I PASSWORD
0060 00 6e 33 56 32 57 6f 63 58 4d 39 33 41 6b 00 49 .n3V2Woc XM93Ak.I
0070 4e 41 4d 45 00 72 6f 6f 74 00 49 45 4d 41 49 4c NAME.roo t.IEMAIL
0080 00 61 72 6b 65 69 61 40 66 6f 74 61 6e 67 6f 2e .arkeia@ fotango.
0090 63 6f 6d 00 49 52 4f 4c 45 00 41 44 4d 49 4e 49 com.IROL E.ADMINI
00a0 53 54 52 41 54 4f 52 00 45 STRATOR. E

The above packet contains the password "password" hashed to n3V2WocXM93Ak; the packet below contains the password "letmein" hashed to n3LGeVp5KwvfE.

0000 00 b0 d0 22 e2 d0 00 b0 d0 78 96 73 08 00 45 00 .°Ð"âÐ.° Ðx.s..E.
0010 00 63 89 55 40 00 40 06 2d 14 c0 a8 01 33 c0 a8 .c.U@.@. -.À¨.3À¨
0020 01 a8 04 01 02 69 e1 07 51 3c ee 26 bc b6 80 18 .¨...iá. Q<î&¼¶..
0030 16 d0 d7 4d 00 00 01 01 08 0a 01 6f d9 fa 60 98 .Ð×M.... ...oÙú`.
0040 11 ea 00 61 00 02 00 00 00 27 72 6f 6f 74 00 6e .ê.a.... .'root.n
0050 33 35 56 57 4f 45 55 51 76 57 74 63 00 39 39 37 n3LGeVp5KwvfE.997
0060 34 33 35 30 34 37 00 00 00 00 00 00 00 00 00 00 435047.. ........
0070 00

Now if you look at the hashes (n3V2WocXM93Ak and n3LGeVp5KwvfE) you notice that the string n3 appears at the front (this is common to all passwords that it sends). So let's see how they have encrypted it (crypt?). So let's try:

perl -e 'print crypt "password", "n3"'

gives n3V2WocXM93Ak, and

perl -e 'print crypt "letmein", "n3"'

gives n3LGeVp5KwvfE, so there we have it: they use crypt with a constant salt of "n3". This has been verified with both the Linux gui client and the MS Java version (on win2k).

Problems inherent with this scheme: 8 character max passwords, i.e. setting the password to "passwordpassword" gives:

0000 00 b0 d0 22 e2 d0 00 b0 d0 78 96 73 08 00 45 00 .°Ð"âÐ.° Ðx.s..E.
0010 00 63 6a 83 40 00 40 06 4b e6 c0 a8 01 33 c0 a8 .cj.@.@. KæÀ¨.3À¨
0020 01 a8 04 01 02 69 e9 4e 1d 1b f6 f2 a5 d0 80 18 .¨...iéN ..öò¥Ð..
0030 16 d0 4c e6 00 00 01 01 08 0a 01 7c 76 ea 60 a4 .ÐLæ.... ...|vê`¤
0040 af 1e 00 61 00 02 00 00 00 27 72 6f 6f 74 00 6e ¯..a.... .'root.n
0050 33 56 32 57 6f 63 58 4d 39 33 41 6b 00 39 39 37 3V2WocXM 93Ak.997
0060 34 34 33 33 31 33 00 00 00 00 00 00 00 00 00 00 443313.. ........

So although you may be using passwords longer than 8 characters for your root passwords, Arkeia (which is a root level service) only uses 8.

Authentication info sent in the clear + roles listed in the clear:

0000 00 b0 d0 78 96 73 00 b0 d0 22 e2 d0 08 00 45 00 .°Ðx.s.° Ð"âÐ..E.
0010 01 16 83 77 40 00 40 06 32 3f c0 a8 01 a8 c0 a8 ...w@.@. 2?À¨.¨À¨
0020 01 33 02 69 04 01 ee 26 bc eb e1 07 51 a5 80 18 .3.i..î& ¼ëá.Q¥..
0030 fe 88 b2 9c 00 00 01 01 08 0a 60 98 11 ee 01 6f þ.²..... ..`..î.o
0040 d9 ff 00 68 00 01 00 00 00 04 00 00 00 00 00 65 Ùÿ.h.... .......e
0050 00 01 00 00 00 66 32 30 30 31 2f 30 38 2f 31 30 .....f20 01/08/10
0060 20 31 30 3a 32 31 3a 30 32 20 49 33 30 31 35 30 10:21:0 2 I30150
0070 30 32 30 20 55 53 52 5f 56 41 4c 49 44 41 54 45 020 USR_ VALIDATE
0080 3a 20 59 6f 75 20 68 61 76 65 20 73 75 63 63 65 : You ha ve succe
0090 73 73 66 75 6c 6c 79 20 6c 6f 61 64 65 64 20 74 ssfully loaded t
00a0 68 65 20 63 75 72 72 65 6e 74 20 75 73 65 72 20 he curre nt user
00b0 69 6e 66 6f 72 6d 61 74 69 6f 6e 00 00 69 00 01 informat ion..i..
00c0 00 00 00 60 4c 00 54 50 4e 41 4d 45 00 72 6f 6f ...`L.TP NAME.roo
00d0 74 00 50 52 4f 4c 45 00 41 44 4d 49 4e 49 53 54 t.PROLE. ADMINIST
00e0 52 41 54 4f 52 00 50 50 41 53 53 57 4f 52 44 00 RATOR.PP ASSWORD.
00f0 6e 33 35 56 57 4f 45 55 51 76 57 74 63 00 50 4e n35VWOEU QvWtc.PN
0100 4f 44 45 00 78 65 6e 61 00 50 45 4d 41 49 4c 00 ODE.xena .PEMAIL.
0110 61 72 6b 65 69 61 40 66 6f 74 61 6e 67 6f 2e 63 arkeia@f otango.c
0120 6f 6d 00 45 om.E

Notice the password just went past again.

License information (the actual license numbers have been removed):

0000 00 b0 d0 78 96 73 00 b0 d0 22 e2 d0 08 00 45 00 .°Ðx.s.° Ð"âÐ..E.
0010 01 40 83 87 40 00 40 06 32 05 c0 a8 01 a8 c0 a8 .@..@.@. 2.À¨.¨À¨
0020 01 33 02 69 04 01 ee 26 bd fa e1 07 51 f0 80 18 .3.i..î& ½úá.Qð..
0030 fe 88 d2 ee 00 00 01 01 08 0a 60 98 11 fa 01 6f þ.Òî.... ..`..ú.o
0040 da 0b 00 68 00 01 00 00 00 04 00 00 00 00 00 65 Ú..h.... .......e
0050 00 01 00 00 00 5b 32 30 30 31 2f 30 38 2f 31 30 .....[20 01/08/10
0060 20 31 30 3a 32 31 3a 30 32 20 57 33 30 31 35 30 10:21:0 2 W30150
0070 31 33 30 20 4c 49 43 45 4e 53 45 5f 47 45 54 3a 130 LICE NSE_GET:
0080 20 54 68 69 73 20 76 65 72 73 69 6f 6e 20 6f 66 This ve rsion of
0090 20 41 72 6b 65 69 61 20 69 73 20 6c 69 63 65 6e Arkeia is licen
00a0 73 65 64 20 74 6f 20 27 46 4f 54 41 4e 47 4f 27 sed to ' FOTANGO'
00b0 00 00 69 00 01 00 00 00 95 4c 00 49 4c 49 43 45 ..i..... .L.ILICE
00c0 4e 53 45 00 41 52 4b 34 32 00 49 53 45 52 49 41 NSE.ARK4 2.ISERIA
00d0 4c 00 54 45 39 32 47 52 31 48 52 48 4e 44 50 4e ${OUR SERIAL}
00e0 00 49 4f 52 47 41 4e 49 53 41 54 49 4f 4e 00 46 .IORGANI SATION.F
00f0 4f 54 41 4e 47 4f 00 49 4b 45 59 00 58 58 58 55 OTANGO.I KEY.${OUR KEY}
0100 33 58 45 35 59 4e 38 56 34 33 00 49 4f 50 54 49 43.IOPTI
0110 4f 4e 00 35 33 00 49 45 58 50 49 52 59 00 30 00 ON.53.IE XPIRY.0.
0120 49 44 52 49 56 45 00 32 00 49 46 4c 4f 57 34 00 IDRIVE.2 .IFLOW4.
0130 32 00 49 46 4c 4f 57 33 00 30 00 49 46 4c 4f 57 2.IFLOW3 .0.IFLOW
0140 32 00 35 00 49 46 4c 4f 57 31 00 32 00 45 2.5.IFLO W1.2.E

As you can see above, the license number, serial, name, number of flows, and the key (something that they tell you to keep safe) are all visible.

Because the salt is known and because the max password length is 8 characters it would not be beyond the realms of possibility to crack the password (effectively a root password). Once you have access through the gui, you have the possibility of running a command from the gui before and after the backup job. This command is run as root and can be anything. Therefore you have full access to the box to do with as you please. However, it is only an Arkeia "root" password; it's not even a real user with a shell. Make sure your system root password is different from your Arkeia root password. A DoS situation could occur if you restored a file over another (any file over /etc/shadow); however, with full shell access to the server, why bother?

SOLUTION

Turn on encryption - it costs more money and we are not sure that the GUI client supports it (certainly none of the ones looked at - Linux), so even if you can encrypt the data being sent to the server (the actual data being sent to tape) it doesn't look like the gui client can support it.

Use an SSH tunnel. Use Arkeia only over "trusted" networks. This article on Arkeia's support site explains how to set up an SSH tunnel through a firewall for Arkeia:

http://support.arkeia.com/cgi-bin/arkeia/solution?11=000322-0014&130=0953783453&14=&2715=&15=&2716=&57=search&58=&2900=JP9cQm9m9p&25=7&3=ssh

Use Legato Networker ;)
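As an added example that is not part of the advisory or of Arkeia's own code, the following Python decodes the first login packet quoted in the PROBLEM section (client -> server, port 617) straight from its Ethereal hex dump and reports what a passive observer on the wire learns from it: the node, user name, role, e-mail and the password hash, plus the tell-tale 13-character DES crypt output with the fixed "n3" salt that the perl one-liners above identify. The names LOGIN_DUMP, hexdump_to_bytes, tcp_payload, parse_arkeia_record and audit_login are all mine, and the record layout (an 8-byte header whose last four bytes are the big-endian body length, followed by NUL-separated strings framed by "L" and "E") is an assumption inferred from the dump, not documented Arkeia behaviour.

```python
"""Decode an Arkeia 4.2 client-GUI login packet from an Ethereal-style hex dump
and report which fields cross the wire unencrypted.

Added example; not code from the advisory or from Arkeia. The record layout
(8-byte header with a big-endian body length, then NUL-separated strings framed
by 'L' ... 'E') is an assumption inferred from the dump, not documented behaviour.
"""
import re

# Constructed sample input: the client -> server login packet quoted in the
# advisory (xena is the Arkeia server; destination port 0x0269 = 617).
LOGIN_DUMP = """\
0000 00 b0 d0 22 e2 d0 00 b0 d0 78 96 73 08 00 45 00 .°Ð"âÐ.° Ðx.s..E.
0010 00 9b 86 ea 40 00 40 06 2f 47 c0 a8 01 33 c0 a8 ...ê@.@. /GÀ¨.3À¨
0020 01 a8 04 01 02 69 0d 92 7e 0f 1c 9e 41 36 80 18 .¨...i.. ~...A6..
0030 29 e0 a9 27 00 00 01 01 08 0a 01 90 10 14 60 b8 )à©'.... ......`¸
0040 48 b3 00 69 00 01 00 00 00 5f 4c 00 49 4e 4f 44 H³.i.... ._L.INOD
0050 45 00 78 65 6e 61 00 49 50 41 53 53 57 4f 52 44 E.xena.I PASSWORD
0060 00 6e 33 56 32 57 6f 63 58 4d 39 33 41 6b 00 49 .n3V2Woc XM93Ak.I
0070 4e 41 4d 45 00 72 6f 6f 74 00 49 45 4d 41 49 4c NAME.roo t.IEMAIL
0080 00 61 72 6b 65 69 61 40 66 6f 74 61 6e 67 6f 2e .arkeia@ fotango.
0090 63 6f 6d 00 49 52 4f 4c 45 00 41 44 4d 49 4e 49 com.IROL E.ADMINI
00a0 53 54 52 41 54 4f 52 00 45 STRATOR. E
"""

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")
HEX_OFFSET = re.compile(r"[0-9a-fA-F]{4}")


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the raw frame from 'OFFSET b0 b1 ... ASCII' lines (16 bytes per line max)."""
    frame = bytearray()
    for line in dump.splitlines():
        tokens = line.split()
        if not tokens or not HEX_OFFSET.fullmatch(tokens[0]):
            continue
        if int(tokens[0], 16) != len(frame):
            raise ValueError(f"gap in dump at offset {tokens[0]}")
        # Stop at the first token that is not a hex byte: on a short last line
        # that is the start of the ASCII column.
        for tok in tokens[1:17]:
            if not HEX_BYTE.fullmatch(tok):
                break
            frame.append(int(tok, 16))
    return bytes(frame)


def tcp_payload(frame: bytes) -> bytes:
    """Strip Ethernet II, IPv4 and TCP headers, honouring IHL and the TCP data offset."""
    ip = 14                                      # Ethernet II header length
    if frame[ip] >> 4 != 4 or frame[ip + 9] != 6:
        raise ValueError("expected IPv4/TCP")
    ihl = (frame[ip] & 0x0F) * 4
    total_len = int.from_bytes(frame[ip + 2:ip + 4], "big")
    tcp = ip + ihl
    data_off = (frame[tcp + 12] >> 4) * 4        # TCP options (timestamps) make this 32
    return frame[tcp + data_off:ip + total_len]


def parse_arkeia_record(payload: bytes) -> dict:
    """Split the first record of the payload into its key/value strings (assumed layout)."""
    body_len = int.from_bytes(payload[4:8], "big")
    body = payload[8:8 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated record")
    parts = body.split(b"\x00")
    if parts[0] != b"L" or parts[-1] != b"E":
        raise ValueError("unexpected record framing")
    strings = [p.decode("latin-1") for p in parts[1:-1]]
    if len(strings) % 2:
        raise ValueError("key without value")
    return dict(zip(strings[0::2], strings[1::2]))


# Traditional crypt(3) output: 2-character salt plus 11 characters; here the salt is always "n3".
FIXED_SALT_DES = re.compile(r"n3[./0-9A-Za-z]{11}")


def audit_login(fields: dict) -> list:
    """Return finding codes for everything a passive observer learns from one login."""
    findings = []
    if "IPASSWORD" in fields:
        findings.append("password-hash-in-clear")
        if FIXED_SALT_DES.fullmatch(fields["IPASSWORD"]):
            # Fixed salt + DES crypt: only 8 password characters count, and one
            # precomputed table covers every installation.
            findings.append("des-crypt-fixed-salt-n3")
    for key in ("INAME", "IROLE", "INODE", "IEMAIL"):
        if key in fields:
            findings.append(f"{key.lower()}-in-clear")
    return findings


if __name__ == "__main__":
    fields = parse_arkeia_record(tcp_payload(hexdump_to_bytes(LOGIN_DUMP)))
    for key, value in fields.items():
        print(f"{key:10s} {value}")
    print(audit_login(fields))
```

Pointing the same three functions at the server's reply dump (the USR_VALIDATE packet) shows why an SSH tunnel is the practical fix: the reply carries a second record with the same PNAME/PROLE/PPASSWORD fields, so the credential is exposed in both directions of a session that only a tunnel or the vendor's encryption option would protect.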