• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Fastlink Software TheServer Plain Text Password Storage Vulnerability

A problem with TheServer may make it possible for remote attackers to gain access to sensitive information.

TheServer does not cryptographically protect stored passwords. Passwords contained in the configuration file are stored in plain text. They may be read by simply viewing the file. The file (server.ini) is stored in a web accessible location and is, itself, accessible for retrieval by remote attackers using a web browser.