Open Source and information security mailing list archives
 
Message-ID: <200303132202.h2DM23dG061929@mailserver2.hushmail.com>
Date: Thu, 13 Mar 2003 14:02:03 -0800
From: maninthemiddle@...hmail.com
To: bugtraq@...urityfocus.com
Subject: GiantRat Mailer exposes PoP password



Security advisory

Issue: GiantRat Mailer exposes plain text PoP password

Date: 03/13/03

Vendor first notified: February 2003

Affected versions: All (tested v3.1, 2.x, 1.x)

ABOUT GiantRat Mailer:

GiantRat Mailer is an innovative email client that has settings for the sight-impaired and has optional voice prompts utilizing MS-Agent.  Currently there are thousands of installations worldwide in use by the blind.

SECURITY ISSUES:

In the root of the client installation, e.g., c:\program files\giantrat, the GiantRat.ini file clearly shows user login information and the PoP password in line 18.  There is no encryption whatsoever.

Risk:  Obvious – the blind can’t see it but we sure can…even after a few shots of Stolichnaya.

ADVICE TO USERS:

Make sure your hard drives are secure and safe from prying eyes. 

VENDOR RESPONSE:  The company was made aware and has implemented an XOR encryption algorithm effective 03/13/2003 that scrambles the password in the .ini file.

Updates are available.

Regards,

maninthemiddle@...hmail.com
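
An added audit example, not part of the original post and not vendor code: a small Python check that scans INI text for credential-style keys and reports the line on which a secret is stored in the clear. The key names, the hex heuristic and the sample file are assumptions, since the advisory does not show the actual layout of GiantRat.ini.

```python
import re

# Key names that usually hold secrets (assumed list; the advisory does not
# give the real key names used in GiantRat.ini).
SECRET_KEY = re.compile(r"pass(word|wd)?|pwd|secret", re.IGNORECASE)
# Heuristic: an even-length run of hex digits is treated as an encoded value.
ENCODED = re.compile(r"^(?:[0-9A-Fa-f]{2}){4,}$")

# Constructed sample input, not the real file layout.
SAMPLE_INI = """\
[Account]
Server=pop.example.com
User=alice
Password=Summer2003!
[Backup]
User=alice
Password=1b3c2d5e0a4f7788
[Display]
FontSize=24
"""

def audit_ini(text):
    """Return (line_no, section, key, verdict) for each secret-looking key."""
    findings = []
    section = ""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not value or not SECRET_KEY.search(key):
            continue
        # "encoded" only means "not readable at a glance"; whether the value
        # is actually protected depends on where the key material lives.
        verdict = "encoded" if ENCODED.match(value) else "plaintext"
        findings.append((line_no, section, key, verdict))
    return findings

if __name__ == "__main__":
    for line_no, section, key, verdict in audit_ini(SAMPLE_INI):
        print(f"line {line_no}: [{section}] {key} -> {verdict}")
```
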



