lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 24 Aug 2005 18:03:20 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: kozan@...instructors.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users


Dear kozan@...instructors.com,

There  is no bug, at least described one. Only current user or user with
administrative privileges can access HKEY_CURRENT_USER.


--Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq@...urityfocus.com:


ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows
ksc> Registry in plain text. A local user can read the values.

ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles
ksc> Auto.Username = Mercora IMRadio Username
ksc> Auto.Password = Mercora IMRadio Password



-- 
~/ZARAZA
http://www.security.nnov.ru/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ