Network Security: Detailed info on Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

Subject:	Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
Date:	Wed, 24 Aug 2005 18:03:20 +0400

Subject:

Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users

Date:

Wed, 24 Aug 2005 18:03:20 +0400

Dear kozan@spyinstructors.com, There is no bug, at least described one. Only current user or user with administrative privileges can access HKEY_CURRENT_USER. --Tuesday, August 23, 2005, 5:20:16 PM, you wrote to bugtraq@securityfocus.com: ksc> Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows ksc> Registry in plain text. A local user can read the values. ksc> HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles ksc> Auto.Username = Mercora IMRadio Username ksc> Auto.Password = Mercora IMRadio Password -- ~/ZARAZA http://www.security.nnov.ru/

<Prev in Thread]	Current Thread	[Next in Thread>
Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, kozan Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, 3APA3A <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: unload event in ie/mozilla/opera, David Gillett
Next by Date:	[Full-disclosure] [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
Previous by Thread:	Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, kozan
Next by Thread:	ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, kozan
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: unload event in ie/mozilla/opera, David Gillett

Next by Date:

[Full-disclosure] [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability, Sune Kloppenborg Jeppesen

Previous by Thread:

Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, kozan

Next by Thread:

ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, kozan

Indexes:

[Date] [Thread] [Top] [All Lists]