Bugtraq mailing list archives
Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 24 Aug 2005 18:03:20 +0400
Dear kozan () spyinstructors com, There is no bug, at least described one. Only current user or user with administrative privileges can access HKEY_CURRENT_USER. --Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq () securityfocus com: ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows ksc> Registry in plain text. A local user can read the values. ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles ksc> Auto.Username = Mercora IMRadio Username ksc> Auto.Password = Mercora IMRadio Password -- ~/ZARAZA http://www.security.nnov.ru/
Current thread:
- Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users kozan (Aug 23)
- Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users 3APA3A (Aug 24)