Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Hotline Client Plain password vuln.
From: macdaddy () neo pittstate edu
Date: Fri, 1 Mar 2002 00:33:35 -0600 (CST)

The Mac client dates back to around the Fall of 1997 and it has always
done that.  All of Hotline's communication is plain text so I imagine the
authors figured there wasn't a need for encryption.  Just store the file
in a secure place like in your personal profile directory and you should
be fine.  I see it as no more insecure than a Netscape bookmarks file in
which you put your userid/passwd in a saved URL.


Justin Shore                    Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545

"Time spent tightening security at your site is best spent before a
break-in occurs. Never believe that your site is too small or of too
little consequence. Start out by being wary, and you will be more prepared
when the inevitable attack happens."

  -- "Sendmail, 2nd Edition" by Bryan Costales & Eric Allman for O'Reilly

On Thu, 28 Feb 2002, Rense Buijen wrote:


I am using Hotline Client 1.8.5 from Hotline Communications Ltd on a
windows XP platform. In this client you have the options to save
bookmarks so you can easily connect to your sites.  When I was looking
around in the "Bookmarks" dir (program files\hotline communications ltd)
I saw that the bookmarks store your login, password and host in
plaintext although it is a binary file. Has this been mentioned before?
Is this normal or just a flaw from the creators?



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]