Info

Disclosure

Oct 12, 2012

Discovery

Unknown

Dates

Exploit

Oct 12, 2012

Solution

Unknown

Description

Xtreme RAT contains a flaw that is due to the program only allowing the use of digits for passwords. This limits the potential complexity passwords, allowing remote attackers to more easily conduct brute force attacks.

Classification

Location: Context Dependent
Attack Type: Cryptographic
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

The presence of this software means the host system may have been compromised through some other exploit/vulnerability. If this software was not installed by the legitimate administrator, the only way to ensure the software, and any other malicious software (malware), is completely removed is to re-install the operating system.

Products

Xtreme RAT

Xtreme RAT Client

Unspecified

References

Related OSVDB ID: 86829 86837 86838
Other Advisory URL: http://matasano.com/research/PEST-CONTROL.pdf
News Article: http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240008942/popular-rats-found-riddled-with-bugs-weak-crypto.html
Vendor URL: https://sites.google.com/site/nxtremerat/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86828