mailing list archives
From: the-wall () WIRETRIP NET (The Wall)
Date: Mon, 27 Dec 1999 10:27:41 -0600
FTPPro stores credit card information in multiple locations, unprotected,
and in plain text.
The program consists of 2 files, FTPPro20.exe and FTPPro20.hlp. These
files do not require their directory to be in the working %PATH%
When the program initializes for the first time, it creates a key in the
This key is set with the following permissions:
Administrator (Full Control)
Creator Owner (Full Control)
Everyone (Special Access - Query Value
System (Full Control)
The primary purpose of this key is not to store any real program related
information, but to store license and registration information. Among the
keys and their data are:
Credit Card #
Credit Card Expiration Date
Credit Card type (VISA, MC, etc.)
Name, Address, City, State, Zip, Phone
The program will not submit the registration information until all of the
above information (and more) is provided. All of this information is
stored in the registry unprotected. The only relevant program information
stored under this key is the program version and the "LastRunDate".
In addition to entering all of the above data into the registry, the
program provides a "Register Offline" option. This option will create a
text file called "Register.txt" in the program working directory
containing all of the above information in clear text.
Sabine Consulting, the program distributors, have been notified.