Home page logo

bugtraq logo Bugtraq mailing list archives

Unsecure passwords in Macromedia Dreamweaver
From: jeff () NEOHAPSIS COM (Jeff Forristal)
Date: Thu, 11 Jun 1998 13:04:34 -0500

When one saves their ftp passwords in Macromedia Dreamweaver, this
information is written to the registry at
/HKEY_CURRENT_USER/Software/Macromedia/Dreamweaver/Sites/-Site(x)/User PW
The storage scheme used to crypt the password is exactly the same as the
Ws_FTP method, which was reported previously.  Briefly, all characters are
converted to hex, and the offset within the string is added to the value
(starting with 0).

Macromedia has been contacted, and their reply was to the effect that,
while noted, they do not think it severe enough to release a patch;
therefore, it will be corrected in the next major release.

-Jeff Forristal

  By Date           By Thread  

Current thread:
  • Unsecure passwords in Macromedia Dreamweaver Jeff Forristal (Jun 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]