Real Media Server stores passwords in plain text

• Previous message: gandalfat_private: "Re: ARP problem in Windows9X/NT"
• Next in thread: Peter Roth: "Re: Real Media Server stores passwords in plain text"
• Reply: Peter Roth: "Re: Real Media Server stores passwords in plain text"
• Reply: Adam Laurie: "Re: Real Media Server stores passwords in plain text"
• Reply: Doug Monroe: "Re: Real Media Server stores passwords in plain text"
• Reply: Lawrence S. Lee: "Re: Real Media Server stores passwords in plain text"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My real media server information:

fmmarzoa@alexander:/usr/local/rserver/Bin > rmserver -version
Creating Server Space...
Starting RealServer 6.0 Core...
RealServer (c) 1995-1998 RealNetworks, Inc. All rights reserved.
Version:        6.0.3.353
Platform: linux2

The fact is that through installation process it ask for a password that
itsn't hide neither when you write it, but worse is that this password is
stored in the file /usr/local/rmserver/rmserver.cfg in plain format and
this file have as default a 644 permision mask.

Excuse if this security issue was adviced before and, by the way, my poor
english too.

--
Francisco M. Marzoa Alonso - SiRE
3CLiNUX - http://club.idecnet.com/~fmmarzoa/

• Next message: Alan DeKok: "Re: ARP problem in Windows9X/NT"
• Previous message: gandalfat_private: "Re: ARP problem in Windows9X/NT"
• Next in thread: Peter Roth: "Re: Real Media Server stores passwords in plain text"
• Reply: Peter Roth: "Re: Real Media Server stores passwords in plain text"
• Reply: Adam Laurie: "Re: Real Media Server stores passwords in plain text"
• Reply: Doug Monroe: "Re: Real Media Server stores passwords in plain text"
• Reply: Lawrence S. Lee: "Re: Real Media Server stores passwords in plain text"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:25 PDT