lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 16 Sep 2005 18:29:47 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: contact@...scanner.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure


Dear contact@...scanner.com,

Wow!  Local  information leak for Pocket PC ;)

The  problem is exploitation is not trivial - it requires local attacker
to  be  able to install software, because (as far as I know) there is no
default  application  for Windows for Mobile to browse registry. Because
Windows  for Mobile is not real multi-user system, this issue can not be
classified as security one.


--Wednesday, September 14, 2005, 3:31:18 AM, you wrote to bugtraq@...urityfocus.com:

cac> File Transfer Anywhere v3.01 Local Server Password Disclosure

cac> Mobile  device  running  Windows  Mobile  Pocket  PC  with Transfer


-- 
~/ZARAZA
http://www.security.nnov.ru/

Powered by blists - more mailing lists