[Am-info] Nasty! Microsoft Commerce Server Insecure Registry Permissions
Fred A. Miller
fmiller@lightlink.com
Fri, 4 Jul 2003 23:05:28 -0400
Microsoft Commerce Server Insecure Registry Permissions
READ ONLINE:
http://www.secunia.com/advisories/9176/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
Local system
SOFTWARE:
Microsoft Commerce Server 2002
DESCRIPTION:
A vulnerability has been reported in Microsoft Commerce Server, which
can be exploited by malicious users to gain knowledge of sensitive
information.
The password for the SQL Server backend is stored encoded in the
registry in the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce
Server" if authentication has been configured to SQL Server
authentication. However, this registry key has weak permissions
allowing any user to read the encoded password.
By decoding the password, a malicious user could gain knowledge of
the administrative SQL Server password.
The vulnerability has been reported in version 2002. However, prior
versions may also be affected.
SOLUTION:
Set proper ACL permissions on the registry key.
REPORTED BY / CREDITS:
Cesar Cerrudo
-- 
Planet Earth - a subsidiary of Microsoft®.
We have no bugs in our software, Never!,
We do have undocumented added features,
that you will find amusing, at no added cost,
to you, at this time.
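
One way to apply the advisory's SOLUTION ("Set proper ACL permissions on the registry key"), as an added example that is not part of the advisory or the original post. The list of broad groups, the function names, and the choice to break inheritance are assumptions of this example; the key path is the one named in the advisory.

```powershell
# Added example, not from the advisory. Run elevated on the Commerce Server host.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Commerce Server'   # key named in the advisory

# Assumption: these well-known groups should not be able to read the stored credential.
$BroadSids = @(
    'S-1-1-0'       # Everyone
    'S-1-5-11'      # Authenticated Users
    'S-1-5-32-545'  # BUILTIN\Users
    'S-1-5-4'       # INTERACTIVE
)
$Sec = 'System.Security.AccessControl'

function Get-BroadReadRule {
    param([string]$Path = $KeyPath)
    # Check the key and every subkey, since values may be stored below the root.
    $keys = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $acl = Get-Acl -Path $key.PSPath
        # Ask for SIDs so the comparison does not depend on the OS display language.
        foreach ($r in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            $canRead     = ([int]$r.RegistryRights -band [int]([type]"$Sec.RegistryRights")::QueryValues) -ne 0
            $inheritOnly = ([int]$r.PropagationFlags -band [int]([type]"$Sec.PropagationFlags")::InheritOnly) -ne 0
            if ($r.AccessControlType -eq 'Allow' -and $canRead -and -not $inheritOnly -and
                $BroadSids -contains $r.IdentityReference.Value) {
                [pscustomobject]@{ Key = $key.Name; Sid = $r.IdentityReference.Value
                                   Rights = $r.RegistryRights; Inherited = $r.IsInherited }
            }
        }
    }
}

function Remove-BroadAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $KeyPath)
    if (-not $PSCmdlet.ShouldProcess($Path, 'Remove broad-group ACEs')) { return }
    $acl = Get-Acl -Path $Path
    # Stop inheriting from HKLM\SOFTWARE but keep the current ACEs as explicit copies.
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl
    # Re-read: the copied ACEs only become removable once the change is written.
    $acl = Get-Acl -Path $Path
    foreach ($sid in $BroadSids) {
        $acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]$sid)
    }
    Set-Acl -Path $Path -AclObject $acl
}

Get-BroadReadRule | Format-Table -AutoSize   # audit only; nothing is changed
# Remove-BroadAccess -WhatIf                 # preview, then run without -WhatIf
```

Before running `Remove-BroadAccess`, confirm that the account Commerce Server runs as has its own explicit read ACE on the key, then re-run `Get-BroadReadRule` afterwards to catch subkeys that carry their own non-inherited ACLs.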