<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking

Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking

From: Rafel Ivgi <nuritrv18_at_bezeqint.net>
Date: Wed, 10 Dec 2003 21:17:29 +0200

Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking
***************************************************
Discovered by Rafel Ivgi, The-Insider.
http://theinsider.deep-ice.com
(This Is My First Advisory!)

Whenever a user sets flashget to dial-up to the internet he types his
username & password.
This sensitive data is being saved at the registery without no
encryption!.
It saved as hex data at the following location.

[HKEY_USERS\.DEFAULT\Software\JetCar\JetCar\DialUp]
"Entry"="<connection name>"
"UserName"="<dialup username>"
"Password"=hex:'<dialup password'<
Received on Dec 10 2003

This message: [ Message body ]
Next message: Mandrake Linux Security Team: "MDKSA-2003:112-1 - Updated cvs packages fix malformed module request vulnerability"
Previous message: Mandrake Linux Security Team: "MDKSA-2003:114 - Updated ethereal packages fix multiple remotely exploitable vulnerabilities"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]