Audiogalaxy again

From: big bon (vulndev@hotmail.com)
Date: 11/27/01

• Previous message: Tom Micklovitch: "Re: Xitami Webserver stores admin password in clear text."
• Next in thread: David Lodge: "Re: Audiogalaxy again"
• Reply: David Lodge: "Re: Audiogalaxy again"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "big bon" <vulndev@hotmail.com>
To: bugtraq@securityfocus.com
Subject: Audiogalaxy again
Date: Tue, 27 Nov 2001 08:04:52 -0800
Message-ID: <F84KRfcjcMzfoV1qdii000069cc@hotmail.com>

Well I will keep this to the point.
Nudehackers.com is down so forgive me for sending from my mailing list acct.

Sometime ago I released a statement about Audiogalaxy keeping usernames and
passwords in clear text in a file on the users system. Well, shortly after
that they fixed it, or so it seemed. I notified the good people over at
Audiogalaxy about this months ago and I see nothing has changed. Audiogalaxy
has started storing username and passwords in cookie. A sample cookie entry
looks like this:

cookieUsername
USERNAMEHERE
audiogalaxy.com/
0
367281152
29529638
3457234544
29456211
*
cookiePassword
CLEARTEXTPASSHERE
audiogalaxy.com

  Well the obivous problem is that someone exploiting the recent IE bug and
stealing cookies could get the cookie and thus have the username and
password. Now before the arguement was that nothing destructive could be
done with this information and my comments didnt all make it to bugtraq.
Well, here is what someone might do. Steal the username/password, using
audiogalaxy software set an mp3 for download that the attacker has wrapped
with a trjoan, oh say BO2K. Now, the arguement was that the file would have
a .mp3 extension and thus bo2k would not work, THIS IS WRONG. Back orifice
does not have to have a .exe entension thus whent he victim ran the mp3 to
enjoy the music they would be infected.

To conclude this should be fixed.

Special "shout outs" to michael over at audiogalaxy. :)

altomo
Nudehackers.com

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

---

• Previous message: Tom Micklovitch: "Re: Xitami Webserver stores admin password in clear text."
• Next in thread: David Lodge: "Re: Audiogalaxy again"
• Reply: David Lodge: "Re: Audiogalaxy again"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [NEWS] AudioGalaxy Username and Password Saved in Cleartext ... that offers an mp3 sharing program. ... This product stores the username and ... password used by the application in plain text inside a cookie - this ... AudioGalaxy keeping usernames and passwords in clear text in a file on the ... (Securiteam) Re: Audiogalaxy again (Cross Site Scripting Vuln) ... Audiogalaxy again ... passwords wisely and not use the same password for hotmail and mp3 sharing ... > Audiogalaxy has started storing username and passwords in cookie. ... (Vuln-Dev) Re: Audiogalaxy again (Cross Site Scripting Vuln) ... Audiogalaxy again ... passwords wisely and not use the same password for hotmail and mp3 sharing ... > Audiogalaxy has started storing username and passwords in cookie. ... (Bugtraq) about cookies ... the cookie of audiogalaxy on the user ... reveal the username and password in plain text. ... (Vuln-Dev) Re: about cookies ... I know of another AudioGalaxy ... the cookie have this format: ... SID ... sometimes this information are encripted with cyphertext format DES or LM. ... (Vuln-Dev)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)