[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking

To: <bugtraq@securityfocus.com>
Subject: Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking
From: "Rafel Ivgi" <nuritrv18@bezeqint.net>
Date: Wed, 10 Dec 2003 21:17:29 +0200

Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking 
***************************************************
Discovered by Rafel Ivgi, The-Insider.
http://theinsider.deep-ice.com
(This Is My First Advisory!)

Whenever a user sets flashget to dial-up to the internet he types his
username &  password.
This sensitive data is being saved at the registery without no
encryption!.
It saved as hex data at the following location.

[HKEY_USERS\.DEFAULT\Software\JetCar\JetCar\DialUp]
"Entry"="<connection name>"
"UserName"="<dialup username>"
"Password"=hex:'<dialup password'<

Prev by Date: Re: Internet Explorer URL parsing vulnerability
Next by Date: Re: Internet Explorer URL parsing vulnerability
Previous by thread: GeoHttpServer[webcam] Causes MFC42.DLL to overflow
Next by thread: [SCSA-023] Multiple vulnerabilities in Mambo Server
Index(es):
- Date
- Thread