Hardcoded Password Vulnerability in ntfstool Version 3.5.1
Product: ntfstool
Affected Version: 3.5.1
Severity: High
Vulnerability Details
Description: A critical security vulnerability has been identified in ntfstool version 3.5.1. The vulnerability arises from the presence of a hardcoded password in the application's configuration file. Specifically, the file /Users/user/Library/Application Support/ntfs-tool/config.json
contains the field "sudoPwd": "toor"
, which stores the sudo password in plaintext. This allows potential attackers with access to the configuration file to gain unauthorized elevated privileges.
Impact: The presence of a hardcoded password in the configuration file poses a significant security risk. If an attacker gains access to the configuration file, they can retrieve the sudo password and execute commands with root privileges, compromising the entire system.
Steps to Reproduce:
Install and configure ntfstool version 3.5.1.
Navigate to the configuration file located at
/Users/user/Library/Application Support/ntfs-tool/config.json
.Open the file and observe the hardcoded password under the key
"sudoPwd"
.Use the retrieved password to execute sudo commands and gain elevated privileges.
Reference:
Example Path to Vulnerable Configuration File:
/Users/user/Library/Application Support/ntfs-tool/config.json