McAfee Virus Scan Enterprise password hashing demystified

McAfee Virus Scan Enterprise has a feature to protect settings modification from server admins by setting a password. This password is stored into registry, before version 8.8 the hash of the password can be found into:

the content was  MD5(unicode(password)). The password “password” would generate UIP=b081dbe85e1ec3ffc3d4e7d0227400cd.

Since version 8.8 the password hashing scheme has changed, now the password can be found into:

The new hashing schema is: Base64(SHA1(unicode(“\x01\x0f\x0d\x33” + password))). For example the password “test” would generate UIPEx=”1Or2ZtCTFvnWGxR1M1OnPV+88Eg=”.

At lab you can download a little PoC that generates UIPEx hash.

Leave a Reply