Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Flaw in remote ActiveSync protocol may disclose device password
Posted on 6-Aug-2005 10:26 | Filed under: News


Flaw in remote ActiveSync protocol may disclose device password
Security company Airscanner has identified a problem with the way ActiveSync handles requests from password-protected devices. The problem affect Microsoft ActiveSync 3.7.1 and 3.8, and it was tested on Windows XP Professional SP2 and Windows Mobile 2003 Pocket PC.

The risk level is low for denial of service attacks, but it can be elevated to medium for password collection attack.

ActiveSync is Microsoft’s default connectivity program that keeps a desktop PC and a Pocket PC synchronized. It also includes various other features, such as debugging ability, file transfer, etc.

When a Pocket PC device attempts to sync to a PC, it will send three initial packets to the Active Sync program on port 5679.

If the equipment ID value is valid, the PC will respond with a special code. If the equipment ID is not correct, the response will be another code. With this static response, it is trivial to brute force the valid equipment ID value. The reason this is important is because if the value of the correct corresponding PID is sent, a prompt will appear on the PC asking for a PIN value.

If a target enters a password, the information will be passed back to the remote, requesting client. If a value other than x01 is sent, that value will be XORed with the response to pseudo-encrypt the password. This method of information gathering is possible from over a network and does work over the Internet. From a quick nmap scan, we found about roughly 10 computers with this port open per 50 class C subnets.

Also, if numerous attempts were made to initialize with a PC running ActiveSync, after about four attempts the ActiveSync process freezes.



More information: http://www.airscanner.com/security/activesync...



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Trending now »

Hot discussions in our forums right now:

2019 Novel Coronavirus Covid-19 Discussion
Created by Batman, last reply by mattwnz on 8-Jul-2020 01:01 (11752 replies)
Pages... 782 783 784


Pumped storage to deal with Auckland's water problems?
Created by neb, last reply by Zeon on 7-Jul-2020 22:08 (43 replies)
Pages... 2 3


Stuff quits Facebook due to "ethical reasons"
Created by Zepanda66, last reply by jonathan18 on 7-Jul-2020 19:56 (37 replies)
Pages... 2 3


Pls help : trying to install DuckDNS on a DietPi
Created by kiwifidget, last reply by kiwifidget on 7-Jul-2020 19:48 (16 replies)
Pages... 2


Broadband and speed?
Created by lalalalaman, last reply by nztim on 6-Jul-2020 18:17 (13 replies)

Interesting Chorus installation...!
Created by KiwiSurfer, last reply by xpd on 7-Jul-2020 18:34 (24 replies)
Pages... 2


Microsoft and invalid GST Invoices
Created by 48clyde, last reply by fearandloathing on 7-Jul-2020 16:35 (12 replies)

Work/Personal phone - one account for multiple devices?
Created by Blurtie, last reply by BlinkyBill on 7-Jul-2020 16:50 (11 replies)