• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mercora IMRadio Plaintext Password Disclosure Weakness

Mercora IMRadio is prone to a plaintext password disclosure weakness. Registry keys for the application are not encrypted or obfuscated in any way.

A local attacker may monitor the keyboard, CRT and mouse activity of a local administrator and retrieve the usernames and passwords for other users of the affected application.It should be noted that normal user accounts do not have the ability to read these registry keys.

In the event that an attacker gains administrative privileges by some other means, these usernames and passwords could be viewed and recorded to launch further attacks on the affected computer.