Nullsoft Winamp Plaintext Authentication Credentials Vulnerability

Nullsoft Winamp Plaintext Authentication Credentials Vulnerability

The streaming content HTTP authentication credentials are stored in plaintext in the 'winamp.ini' file under the headings [HTTP-AUTH] and [winamp]. The attacker only needs to read this file to gain access to the credentials.