Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 24 Aug 2005 18:03:20 +0400
Dear kozan () spyinstructors com,

There  is no bug, at least described one. Only current user or user with
administrative privileges can access HKEY_CURRENT_USER.


--Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq () securityfocus com:


ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows
ksc> Registry in plain text. A local user can read the values.

ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles
ksc> Auto.Username = Mercora IMRadio Username
ksc> Auto.Password = Mercora IMRadio Password



-- 
~/ZARAZA
http://www.security.nnov.ru/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]