Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 08/24/05
- Previous message: Kaveh Razavi: "Re: LeapFTP .lsq Buffer Overflow Vulnerability"
- In reply to: kozan_at_spyinstructors.com: "Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Aug 2005 18:03:20 +0400 To: kozan@spyinstructors.com
Dear kozan@spyinstructors.com,
There is no bug, at least described one. Only current user or user with
administrative privileges can access HKEY_CURRENT_USER.
--Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq@securityfocus.com:
ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows
ksc> Registry in plain text. A local user can read the values.
ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles
ksc> Auto.Username = Mercora IMRadio Username
ksc> Auto.Password = Mercora IMRadio Password
-- ~/ZARAZA http://www.security.nnov.ru/
- Previous message: Kaveh Razavi: "Re: LeapFTP .lsq Buffer Overflow Vulnerability"
- In reply to: kozan_at_spyinstructors.com: "Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
