• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Frederic Tyndiuk Eupload Plain Text Password Storage Vulnerability

A problem with Eupload may make it possible for remote attackers to gain access to sensitive information.

Eupload does not cryptographically protect stored passwords. Passwords contained in the configuration file, password.txt, are stored in plain text. They may be read by simply viewing the file. The file, password.txt, is stored in a web accessible location and is, itself, accessible for retrieval. Thus it is trivial for an attacker to obtain user passwords and abuse the Eupload service.