Bugtraq mailing list archives
Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking
From: "Rafel Ivgi" <nuritrv18 () bezeqint net>
Date: Wed, 10 Dec 2003 21:17:29 +0200
Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking *************************************************** Discovered by Rafel Ivgi, The-Insider. http://theinsider.deep-ice.com (This Is My First Advisory!) Whenever a user sets flashget to dial-up to the internet he types his username & password. This sensitive data is being saved at the registery without no encryption!. It saved as hex data at the following location. [HKEY_USERS\.DEFAULT\Software\JetCar\JetCar\DialUp] "Entry"="<connection name>" "UserName"="<dialup username>" "Password"=hex:'<dialup password'<
Current thread:
- Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking Rafel Ivgi (Dec 10)