ELS Screen to Screen 1.0 - Multiple Password Vulnerabilities

EDB-ID:

19437

CVE:





Platform:

OSX

Date:

1999-07-29


source: https://www.securityfocus.com/bid/551/info

Screen to Screen is a remote control utility for systems runnig MacOS. To use it, you need to have an administrator password. This password is stored in encrypted form in a file called "Authorization" located in the System Folder under Preferences:Power On Preferences:Screen To Screen.

There are two problems:
1: The file can be deleted, and then the next time Screen to Screen is started it will reset the username to 'administrator' and the password to 'admin'.
2: The encryption scheme is weak and can be broken. 

This program, written by mSec, will decrypt the administrator password for Screen to Screen. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19437.sit