Friday, January 8, 2010

Where Tritek Case Management Stores Passwords and Login Information

In order to move Tritek users over to MerusCase, the superior case management system, one of my projects has been to reverse engineer and write a migration system for Tritek.

If you have lost your password or simply would like to hack into Tritek or impersonate someone else, it is easy to find the passwords and logins in plain text in the DATA/ folder that Tritek uses.

First, if you don't know where to find where Tritek is storing its data tables, open up the executable SETUP1.exe in the XMGMT/ folder. Alternatively, open up DATA/parms.dbf with a DBF (dBASE) viewer (For example DBFView or DBFViewer 2000) -- there is a 'data' column that specifies a file path to your data.

Now, open up DATA/logins.dbf with your dbf viewer and there are columns for name, password, login dates, and so on. They are all stored in plain text so you won't have to do any password hashing or such.

4 comments:

  1. WOW!!! That's scary... I can't beleive it. Security must not be a worry for Tritek users.

    ReplyDelete
  2. Such a very beneficial article. Very thrilling to read this text.I would really like to thank you for the efforts you had made for writing this amazing article.

    write my essay

    ReplyDelete
  3. We are the company http://www.unitedcheckcashing.com providing you the best services about unitedcheckcashing.com within a short period. In USA you may find us everywhere, every city and 24/7. We actually love to oblige you the best things with 100% agreements and faster ever.
    check casher

    ReplyDelete
  4. Presently, utilizing the Internet, securing a money finance credit is quick, simple and advantageous. You can visit an online monetary moneylender and apply for a money finance credit utilizing a protected Web webpage. check cashing san diego

    ReplyDelete