• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Audiogalaxy Plaintext Password Storage Vulnerability

Audiogalaxy is a partially web based music file sharing network, commonly used to trade mp3s. It is intended to be used in conjunction with Audiogalaxy Satellite software running on the local user's machine.

When a user creates an account with Audiogalaxy, their account name and information is stored in plaintext within a cookie. If this cookie is disclosed through any number of cross-site scripting attacks, a malicious user may gain access to the account. Vulnerabilities such as Bugtraq ID 3513 may also lead to account compromise.