
HTTP Cart32 Remote Admin PW

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

Cart32 may disclose client information and passwords.

Additional Information

In cart32.exe, a remote user who submits any password to http://target/scripts/cart32.exe/cart32clientlist can obtain vital client information such as usernames, passwords, credit card numbers, and other crucial details. Passwords are displayed in encrypted form; however, they can still be used in conjunction with specific URL requests to execute arbitrary commands.

In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.
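As an added defender-side example that is not part of this Symantec signature page: a small Python log scanner that flags requests for the two Cart32 URLs named above in Common Log Format entries. The log lines, client addresses and rule names are constructed for illustration.

```python
import re
from collections import namedtuple
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Request paths named in the advisory. IIS resolves paths case-insensitively,
# so every comparison is done on a lower-cased, trailing-slash-stripped path.
CART32_SIGNATURES = {
    "/scripts/cart32.exe/cart32clientlist": "Cart32 client list / password disclosure",
    "/scripts/c32web.exe/changeadminpassword": "Cart32 unauthenticated admin password change",
}

# Common Log Format: client ident user [timestamp] "METHOD target proto" status bytes
_CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

Hit = namedtuple("Hit", "client timestamp method path status rule")

def classify_request(target: str) -> Optional[str]:
    """Return the matching rule name for a request target, or None."""
    path = urlsplit(target).path.lower().rstrip("/")
    return CART32_SIGNATURES.get(path)

def scan_log(lines: Iterable[str]) -> List[Hit]:
    """Parse CLF lines and return every request matching a Cart32 signature."""
    hits: List[Hit] = []
    for line in lines:
        m = _CLF.match(line)
        if not m:
            continue  # not a CLF entry; skip rather than guess
        rule = classify_request(m["target"])
        if rule:
            hits.append(Hit(m["client"], m["ts"], m["method"],
                            urlsplit(m["target"]).path, int(m["status"]), rule))
    return hits

# Constructed sample log (addresses from RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2000:13:55:36 -0500] "GET /scripts/cart32.exe/cart32clientlist HTTP/1.0" 200 5120',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0500] "POST /scripts/C32WEB.EXE/ChangeAdminPassword HTTP/1.0" 200 312',
    '192.0.2.10 - - [10/Oct/2000:13:57:12 -0500] "GET /scripts/cart32.exe?cart32=cart HTTP/1.0" 200 8421',
    '192.0.2.10 - - [10/Oct/2000:13:58:00 -0500] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} {hit.method} {hit.path} -> {hit.rule}")
```

Ordinary shop traffic to cart32.exe with a query string is not flagged; only the two administrative paths are, regardless of letter case.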

Affected

  • McMurtrey/Whitaker & Associates Cart32 2.6, 3.0

Response

McMurtrey/Whitaker & Associates has released upgrades that address this issue. L0pht Research Labs/@Stake has also released unofficial patches:

Workaround:

L0pht/@Stake binary:
  • cartfix.exe
  • Security Focus cartfix.exe

L0pht/@Stake source code:
  • cartfixsrc.zip
  • Security Focus cartfixsrc.zip

Official patches:

For McMurtrey/Whitaker & Associates Cart32 2.6:
  • McMurtrey/Whitaker & Associates c32admin (2.6)
  • McMurtrey/Whitaker & Associates c32web (2.6)
  • McMurtrey/Whitaker & Associates cart
  • McMurtrey/Whitaker & Associates cart32 (2.6)

For McMurtrey/Whitaker & Associates Cart32 3.0:
  • McMurtrey/Whitaker & Associates c32admin (3.0)
  • McMurtrey/Whitaker & Associates c32web (3.0)
  • McMurtrey/Whitaker & Associates cart32 (3.0)