M. Marzoa Alonso wrote: > -----Original Message----- > From: Bugtraq List [mailto: Behalf Of Francisco > M. Marzoa Alonso > Sent: Mittwoch, 14. April 1999 10:46 > To: BUGTRAQat_private > Subject: Real Media Server stores passwords in plain text > > > My real media server information: > > fmmarzoa@alexander:/usr/local/rserver/Bin > rmserver -version > Creating Server Space... > Starting RealServer 6.0 Core... > RealServer (c) 1995-1998 RealNetworks, Inc. All rights reserved. > Version: 6.0.3.353 > Platform: linux2 > > The fact is that through installation process it ask for a > password that > itsn't hide neither when you write it, but worse is that this > password is > stored in the file /usr/local/rmserver/rmserver.cfg in plain > format and > this file have as default a 644 permision mask. > > Excuse if this security issue was adviced before and, by the > way, my poor > english too. > > -- > Francisco M. Marzoa Alonso - SiRE > 3CLiNUX - http://club.idecnet.com/~fmmarzoa/ > this also affects Version 6.0.3.303 of RealAudio Basic Server on Win NT, File Persmission is set to full access by everyone Greetings Peter
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:34 PDT