
Bugtraq mailing list archives

GiantRat Mailer exposes PoP password
From: maninthemiddle () hushmail com
Date: Thu, 13 Mar 2003 14:02:03 -0800

Security advisory

Issue: GiantRat Mailer exposes plain text PoP password

Date: 03/13/03

Vendor first notified: February 2003

Affected versions: All (tested v3.1, 2.x, 1.x)

ABOUT GiantRat Mailer:

GiantRat Mailer is an innovative email client that has settings for the sight-impaired and has optional voice prompts 
utilizing MS-Agent.  Currently there are thousands of installations worldwide in use by the blind.


In the root of the client installation, e.g., c:\program files\giantrat, the GiantRat.ini file clearly shows user login 
information and the PoP password in line 18.  There is no encryption whatsoever.

Risk:  Obvious – the blind can’t see it but we sure can…even after a few shots of Stolichnaya.


Make sure your hard drives are secure and safe from prying eyes. 

VENDOR RESPONSE:  The company was made aware and has implemented an XOR encryption algorithm effective 03/13/2003 that 
scrambles the password in the .ini file.

Updates are available.


maninthemiddle () hushmail com
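
Added example, not part of the original advisory and not the vendor's code: XOR scrambling of the kind the vendor response describes is reversible obfuscation, so the .ini file still needs file-system protection after the update. The key, the hex storage format and the function names below are assumptions made for illustration; the vendor's actual algorithm is not given in the advisory.

```python
from itertools import cycle

# Assumption: a fixed repeating key built into the client. The vendor's real
# key and algorithm are not published in the advisory.
HYPOTHETICAL_KEY = b"\x5a\x13\xc7"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def scramble_for_ini(password: str, key: bytes = HYPOTHETICAL_KEY) -> str:
    """Return the hex string a client might write to the .ini (constructed format)."""
    return xor_bytes(password.encode("utf-8"), key).hex()


def unscramble_from_ini(stored_hex: str, key: bytes = HYPOTHETICAL_KEY) -> str:
    """Reverse the scrambling: the identical operation, with the same key."""
    return xor_bytes(bytes.fromhex(stored_hex), key).decode("utf-8")


def keystream_from_known_pair(password: str, stored_hex: str) -> bytes:
    """XOR of a known password and its stored value yields the key bytes used."""
    return xor_bytes(password.encode("utf-8"), bytes.fromhex(stored_hex))


if __name__ == "__main__":
    sample = "constructed-pop-password"  # constructed sample, not a real credential
    stored = scramble_for_ini(sample)
    print("stored in .ini :", stored)
    print("round trip     :", unscramble_from_ini(stored))
    # The key repeats every len(key) bytes in the recovered stream.
    print("key stream     :", keystream_from_known_pair(sample, stored).hex())
```

Because the client must be able to recover the password to log in, the key ships with every installation; the scrambled value stops casual reading of the file and nothing more.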
