BugTraq
Back to list
|
Post reply
Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
Aug 23 2005 01:20PM
kozan spyinstructors com
(1 replies)
Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
Aug 24 2005 02:03PM
3APA3A (3APA3A SECURITY NNOV RU)
Dear kozan (at) spyinstructors (dot) com [email concealed],
There is no bug, at least described one. Only current user or user with
administrative privileges can access HKEY_CURRENT_USER.
--Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows
ksc> Registry in plain text. A local user can read the values.
ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles
ksc> Auto.Username = Mercora IMRadio Username
ksc> Auto.Password = Mercora IMRadio Password
--
~/ZARAZA
http://www.security.nnov.ru/
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
There is no bug, at least described one. Only current user or user with
administrative privileges can access HKEY_CURRENT_USER.
--Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows
ksc> Registry in plain text. A local user can read the values.
ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles
ksc> Auto.Username = Mercora IMRadio Username
ksc> Auto.Password = Mercora IMRadio Password
--
~/ZARAZA
http://www.security.nnov.ru/
[ reply ]