| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Dec 2003 21:17:29 +0200 From: "Rafel Ivgi" <nuritrv18@...eqint.net> To: <bugtraq@...urityfocus.com> Subject: Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking *************************************************** Discovered by Rafel Ivgi, The-Insider. http://theinsider.deep-ice.com (This Is My First Advisory!) Whenever a user sets flashget to dial-up to the internet he types his username & password. This sensitive data is being saved at the registery without no encryption!. It saved as hex data at the following location. [HKEY_USERS\.DEFAULT\Software\JetCar\JetCar\DialUp] "Entry"="<connection name>" "UserName"="<dialup username>" "Password"=hex:'<dialup password'<
Powered by blists - more mailing lists