FlashGet Insecure Dialup Credential Storage Vulnerability

FlashGet Insecure Dialup Credential Storage Vulnerability

FlashGet stores dialup credentials in a user-accessible registry key. The username will be stored in plaintext and the password will be hex-encoded. As a result, malicious local users may obtain these credentials. This presents a security risk if dialup accounts are not shared between users on the system.

This issue was reported in FlashGet 0.9 through 1.2. Other versions may also be affected.