Hello bugtraq,
Sambar Server (Web/Mail/Proxy for Windows) by default stores
passwords encrypted with Blowfish using a static built-in key.
(Documentation states passwords can't be recovered, but the
server recovers passwords for some needs). There is not even any
need to discover this key, because Sambar has the decoding
procedure inside. Attached is a simple program to launch the
decoding. Copy it to Sambar's /bin and treat it as a tool
to recover forgotten passwords :)
In config.ini you can set
Use Unix crypt = true
to make Sambar use crypt()-like non-recoverable DES format.
If someone needs a formal advisory, it can be found at
http://www.security.nnov.ru/advisories/sambarpass.asp
--
http://www.security.nnov.ru
/\_/\
{ . . } |\
+--oQQo->{ ^ }<-----+ \
| 3APA3A U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
sadecrypt.zip
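As an added example (not part of the original post or the Sambar distribution), a small audit script for the config.ini mitigation mentioned above: it reports whether "Use Unix crypt" is enabled, treating an absent or unparseable value as the weak default. It assumes config.ini is ordinary INI text and, since the post does not name the section the key lives in, scans every section.

```python
import configparser

# The setting named in the advisory; compared case-insensitively.
SETTING = "use unix crypt"
TRUE_VALUES = {"true", "yes", "on", "1"}


def uses_unix_crypt(ini_text: str) -> bool:
    """Return True only if 'Use Unix crypt' is enabled in the given config.ini text.

    Missing or unrecognised values count as False, because Sambar's default
    is the reversible Blowfish storage described in the post.
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    # configparser requires a section header; prepending one tolerates files
    # that place the setting before any [section] (assumption about format).
    parser.read_string("[__top__]\n" + ini_text)
    for section in parser.sections():
        for key, value in parser.items(section):
            if key.strip().lower() == SETTING:
                return value.strip().strip('"').lower() in TRUE_VALUES
    return False


def audit(ini_text: str) -> str:
    """One-line finding for an administrator."""
    if uses_unix_crypt(ini_text):
        return "OK: passwords stored in non-recoverable crypt() format"
    return "WEAK: 'Use Unix crypt' not enabled; stored passwords are recoverable"


# Constructed sample configs, not real Sambar files.
DEFAULT_CFG = "[server]\nname = demo\n"
HARDENED_CFG = "[server]\nname = demo\nUse Unix crypt = true\n"

if __name__ == "__main__":
    for cfg in (DEFAULT_CFG, HARDENED_CFG):
        print(audit(cfg))
```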