11 lines
No EOL
775 B
Text
11 lines
No EOL
775 B
Text
source: http://www.securityfocus.com/bid/551/info
|
|
|
|
Screen to Screen is a remote control utility for systems runnig MacOS. To use it, you need to have an administrator password. This password is stored in encrypted form in a file called "Authorization" located in the System Folder under Preferences:Power On Preferences:Screen To Screen.
|
|
|
|
There are two problems:
|
|
1: The file can be deleted, and then the next time Screen to Screen is started it will reset the username to 'administrator' and the password to 'admin'.
|
|
2: The encryption scheme is weak and can be broken.
|
|
|
|
This program, written by mSec, will decrypt the administrator password for Screen to Screen.
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19437.sit |