lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: david.vincent at mightyoaks.com (David Vincent) Subject: http://www.theregister.co.uk/content/55/31353.html would ya look at that! donnie weiner made the news... -d --------------- http://www.theregister.co.uk/content/55/31353.html Come up and see me some time By Mike Kemp Posted: 20/06/2003 at 17:14 GMT WebcamNow, a streaming image service with more than 1.5 million users a month, stores user ids and passwords in plain text in the registry of users' computers. The coding snafu, first spotted by bugwatcher Donnie Werner, was posted on BugTraq on June 12. The error had not been fixed on June 18, when we signed up for the service. WebcamNow stores usernames and associated passwords in plaintext format in the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password As a result these details can be exposed to any local users who have the permissions to view these directories, or any illegitimate intruder with the tenacity to gain access to them. The company has yet to make a formal comment. Using WebcamNow's service right now may let you see the bored housewives from the Midwest in sundry states of undress, but it could also allow system intruders, or other legitimate local users, to see them too. WebcamNow is "continually ranked as one of the top 10 "stickiest" Web sites on the Net by Nielsen/NetRatings and Media Metrix". It may be "sticky" - but secure? Patch, please. ?
Powered by blists - more mailing lists