Trustwave’s WebDefend console software contains static MySQL database passwords in its binary files, which leads to a compromise of sensitive information.
Below are the steps that led up to the discovery of this low-hanging fruit:
- I first started by using tcpdump to capture traffic between the appliance and a workstation running the console software.
- When using the console software to log in, I noticed the authentication was done over port 5000. After I logged in, the console software started to load data over MySQL port 3306. What I found interesting was that all the SQL traffic was getting initiated by the workstation. At this point I wanted to know how the workstation was able to log in to the MySQL server on the appliance.
- By using several Sysinternals tools on the workstation, I was able to determine which binary files the console software was using when the SQL connection got initiated.
- I then used a combination of strings and IDA Pro to search through the binaries for the SQL login and, bingo, found it!
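
A release-time check for this class of flaw, as an added example that is not part of the original advisory: it pulls printable ASCII and UTF-16LE strings out of a build artifact, the way the strings tool does, and flags the ones that look like embedded database credentials. The patterns, the minimum length and the sample blob are constructed assumptions, not values taken from WebDefend.

```python
import re

MIN_LEN = 6  # shortest run treated as a string (assumed threshold)

# Printable runs in single-byte form, and in UTF-16LE (common in Windows binaries).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Heuristic patterns for embedded database credentials (assumed, not exhaustive).
CREDENTIAL_PATTERNS = [
    re.compile(r"(?i)\b(?:password|passwd|pwd)\s*=\s*[^;\s]+"),
    re.compile(r"(?i)\bmysql://[^:/\s]+:[^@\s]+@"),
]

# Constructed sample standing in for a compiled binary; all values are placeholders.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    b"Server=127.0.0.1;Uid=appuser;Pwd=EXAMPLE-ONLY;\x00"
    b"\x90\x90" + "password=EXAMPLE-WIDE".encode("utf-16-le") + b"\x00\x00"
    b"Connecting to database...\x00"
)


def extract_strings(blob: bytes):
    """Yield (offset, text) for each printable run, like the strings utility."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")


def find_embedded_credentials(blob: bytes):
    """Return (offset, string) pairs, sorted by offset, that match a credential pattern."""
    hits = []
    for offset, text in extract_strings(blob):
        if any(p.search(text) for p in CREDENTIAL_PATTERNS):
            hits.append((offset, text))
    return sorted(hits)


if __name__ == "__main__":
    for offset, text in find_embedded_credentials(SAMPLE):
        print(f"0x{offset:06x}  {text}")
```

Any hit in a client-side binary means the secret has to be treated as public: every installed copy carries it, so the fix is per-user authentication enforced by the server rather than a better hiding place.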
Please visit www.securitypentest.com for more WebDefend advisories.