December 10, 2010

Trustwave WebDefend Static Console Password Vulnerability



1. Summary:

A static (hard-coded) console username and password have been identified in Trustwave's WebDefend Enterprise Console product.  Together with the private key shipped with the console, these credentials could allow a remote attacker to access the data in the database located on the WebDefend appliance.


2. Description:

The static console username and password, together with the private key, can be used to authenticate to the appliance and access its data through the remote console GUI.  This data is used for tracking web vulnerabilities in the monitored web site(s).  The static login is embedded in several of the console software's EXE and DLL files.  The private key is installed by default with the console software and is not generated during the installation, so every console install shares the same key.

The private key file is located in:

%SystemDrive%\Program Files\Breach Security\WebDefend Enterprise Console\bin\bwdschedreports.prk


The static username and password are embedded in the files listed below:

BEventViewer.dll
BGDConsole.exe
BPolicyDB.dll
BProfileMgr.dll
BReportsDll.dll
BReportsSvc.exe
BSystemConfigMgr.dll
GSTuningDlgs.dll
gspclientdll.dll
gstdlibdll.dll
test_apiex.exe


3. Impact:

An attacker could potentially gain access to all data pertaining to vulnerabilities in a victim's web site(s).


4. Affected Products:

WebDefend Enterprise Manager Appliance v4.0 (6.45.659)
WebDefend Enterprise Console software v4.0 (6.45.659)


5. Solution:  Apply the latest vendor-supplied patches.


6. Time Table:

10/22/2010 Reported vulnerability to the Vendor
10/27/2010 Vendor acknowledged vulnerability
11/15/2010 Vendor published fix




7. Credits:  

Discovered by Nathan Power 
www.securitypentest.com