ELS Screen to Screen 1.0 - Multiple Password Vulnerabilities

Author: Prozaq of mSec
type: local
platform: osx
port: 
date_added: 1999-07-29  
date_updated: 2012-06-28  
verified: 1  
codes: OSVDB-83461;OSVDB-83460  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19437.txt  

source: https://www.securityfocus.com/bid/551/info

Screen to Screen is a remote control utility for systems runnig MacOS. To use it, you need to have an administrator password. This password is stored in encrypted form in a file called "Authorization" located in the System Folder under Preferences:Power On Preferences:Screen To Screen.

There are two problems:
1: The file can be deleted, and then the next time Screen to Screen is started it will reset the username to 'administrator' and the password to 'admin'.
2: The encryption scheme is weak and can be broken.

This program, written by mSec, will decrypt the administrator password for Screen to Screen.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19437.sit