Redi Locally Readable Username/Password Vulnerability

Redi.exe is part of a suite of real-time stock trading tools used by professional traders.

Sensitive user information, including usernames and passwords, is stored on the client's system in cleartext in a log file used for troubleshooting. This file has a known default location and is readable by a local attacker.

Properly exploited, the information contained in this file gives an attacker the ability to execute trades and carry out other financial activities on behalf of the legitimate Redi user.
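
As a mitigation sketch for this class of flaw (an added example, not Redi's code and not part of the original advisory), the following Python logging filter scrubs credential fields before a troubleshooting log is written and audits existing lines for ones that still hold cleartext values. The key=value field names, the logger name and the sample lines are assumptions, since the advisory does not describe Redi's log format.

```python
import io
import logging
import re

# Hypothetical key=value field names; the advisory does not give Redi's real log format.
_SECRET = re.compile(
    r'(?i)\b(password|passwd|pwd|username|user|login)\s*([=:])\s*("[^"]*"|\S+)')
MARK = "[REDACTED]"

def redact(text: str) -> str:
    """Replace the value of every credential-like field with a fixed marker."""
    return _SECRET.sub(lambda m: f"{m.group(1)}{m.group(2)}{MARK}", text)

class RedactingFilter(logging.Filter):
    """Scrub credentials from a record before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True

def audit_lines(lines):
    """Return 1-based numbers of lines still holding an unredacted credential field."""
    return [n for n, line in enumerate(lines, 1)
            if any(m.group(3) != MARK for m in _SECRET.finditer(line))]

def demo() -> str:
    """Log a login event through the filter and return what reached the log."""
    buf = io.StringIO()
    log = logging.getLogger("trading_client_demo")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactingFilter())
    log.handlers = [handler]
    log.debug("login attempt user=%s password=%s host=%s", "jdoe", "s3cret!", "gw1")
    return buf.getvalue()

# Constructed sample log lines for the audit function.
SAMPLE_LOG = [
    "2010-01-04 09:30:01 DEBUG session start",
    "2010-01-04 09:30:02 DEBUG connect user=jdoe password=s3cret!",
    "2010-01-04 09:30:03 DEBUG connect user=[REDACTED] password=[REDACTED]",
]

if __name__ == "__main__":
    print(demo(), end="")
    print("lines with cleartext credentials:", audit_lines(SAMPLE_LOG))
```

Redaction only covers what the application writes from that point on; a log file that already contains credentials still needs its access restricted to the owning user, and the exposed passwords changed.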


 

Copyright 2010, SecurityFocus