Dear contact (at) airscanner (dot) com [email concealed],
Wow! Local information leak for Pocket PC ;)
The problem is exploitation is not trivial - it requires local attacker
to be able to install software, because (as far as I know) there is no
default application for Windows for Mobile to browse registry. Because
Windows for Mobile is not real multi-user system, this issue can not be
classified as security one.
--Wednesday, September 14, 2005, 3:31:18 AM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
cac> File Transfer Anywhere v3.01 Local Server Password Disclosure
cac> Mobile device running Windows Mobile Pocket PC with Transfer
Wow! Local information leak for Pocket PC ;)
The problem is exploitation is not trivial - it requires local attacker
to be able to install software, because (as far as I know) there is no
default application for Windows for Mobile to browse registry. Because
Windows for Mobile is not real multi-user system, this issue can not be
classified as security one.
--Wednesday, September 14, 2005, 3:31:18 AM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
cac> File Transfer Anywhere v3.01 Local Server Password Disclosure
cac> Mobile device running Windows Mobile Pocket PC with Transfer
--
~/ZARAZA
http://www.security.nnov.ru/
[ reply ]