windows mobile activesync version

By admin  




Two vulnerabilities in ActiveSync, Microsoft's program for synchronization between PCs and mobile devices

Date:

June 1, 2008

Name of risk:

ActiveSync.

Manufacturer (if applicable):

Microsoft Corp.

Description:

ActiveSync is a synchronization program developed by Microsoft. It allows a mobile device to be synchronized with a desktop PC or a server running FirstClass Collaboration Suite, Microsoft Exchange Server, PostPath email and collaboration server, Kerio MailServer, Zimbra or Z-push. Only personal information manager (PIM) data (email / calendar / contacts) can be synchronized with Exchange Server. (Tasks can also be synchronized with Exchange Server on Windows Mobile 5.0.) The option to sync with a PC, however, allows PIM synchronization with Microsoft Outlook, along with Internet "favorites", files, tasks and other types of data. Compatible mobile devices include PDAs and smartphones running the Windows Mobile or Windows CE operating system, along with devices that do not use Microsoft operating systems, such as Symbian and the iPhone. ActiveSync also provides for manual transfer of files to a mobile device, along with limited backup and restore functionality, and the ability to install and uninstall mobile device applications.

At a special event to launch the iPhone SDK on March 6, 2008, Apple announced that it would use ActiveSync technology to enable synchronization between the iPhone and Microsoft Exchange Server.

Alternative software that enables mobile devices to synchronize non-Microsoft PIMs with a PC is also available, such as BirdieSync, FinchSync and Thunderbird, or Intellisync.

Starting with Windows Vista, the latest Windows operating system, ActiveSync has been replaced by the Windows Mobile Device Center.

The software can be downloaded for free from the Microsoft ActiveSync web site. Support is generally provided by the manufacturer of the device, and the cost of this support depends on the manufacturer's policy.

Vulnerabilities

Two vulnerabilities were identified in Microsoft ActiveSync (version 3.7.1 and earlier), which could be exploited by malicious people to disclose sensitive information or cause a denial of service.

The first issue is caused by a design error in how authentication replies are sent, which could be exploited by attackers to enumerate valid equipment IDs by sending specially crafted requests to port 5679 and reviewing the responses.

The second vulnerability occurs when numerous initialization attempts are made against ActiveSync (port 5679/TCP), which could be exploited by remote attackers to cause a denial of service.
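Both port 5679 issues above depend on repeated requests from a remote source, so a defender can watch for connection bursts to that port. The following is an added example, not part of the original advisory; the log format, sample addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ACTIVESYNC_PORT = 5679  # TCP port named in the advisory

# Constructed sample log in a hypothetical "time src dst dport" format.
SAMPLE_LOG = """\
2008-06-01T10:00:00 192.0.2.10 198.51.100.5 5679
2008-06-01T10:00:01 192.0.2.10 198.51.100.5 5679
2008-06-01T10:00:02 192.0.2.10 198.51.100.5 5679
2008-06-01T10:00:03 192.0.2.10 198.51.100.5 5679
2008-06-01T10:00:04 192.0.2.10 198.51.100.5 5679
2008-06-01T10:00:05 192.0.2.10 198.51.100.5 5679
2008-06-01T10:00:06 192.0.2.20 198.51.100.5 5679
2008-06-01T10:01:06 192.0.2.20 198.51.100.5 5679
2008-06-01T10:01:07 192.0.2.20 198.51.100.5 80
garbage line
"""

def parse(line):
    """Return (timestamp, source, dest_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], int(parts[3])
    except ValueError:
        return None

def flag_bursts(log_text, threshold=5, window_seconds=10):
    """Map each source that reaches `threshold` connections to port 5679
    within any `window_seconds` span to its peak count in one window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peak = defaultdict(int)      # source -> largest window count seen so far
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    for ts, src, port in events:
        if port != ACTIVESYNC_PORT:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(flag_bursts(SAMPLE_LOG))
```

The threshold and window need tuning against normal synchronization traffic on the network being monitored.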

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a key) to send the PIN / password over the USB connection from the host to the device, which could make it easier for attackers to decode a PIN or password obtained by sniffing or by spoofing the pairing process.

Systems Affected:

Microsoft Windows.

Risk Level:

Less critical (2).

Threat type:

Denial of service attacks, sniffing.

Link:

http://en.wikipedia.org/wiki/ActiveSync

About the Author

www.promisec.com
