-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, this is my first post to bugtraq, so excuse me if this is already known. After a quick search through the bugtraq archives, I didn't find anything related to this issue so I thought users should know about this. I don't know if this belongs here after aleph's recent post about "Secure Storage of Secrets in Windows". The passwords for the ftp account where the images are going to be uploaded are stored in plain text in the file /%windir%/sysdat.dll, i.e. c:\windows\sysdat.dll and they look like this: [Web] FTPUserName=foo FTPUserPWD=bar This problem affects both versions 1.0 and 1.1 of this software. Creative Labs Spain has been notified, and they answered they don't support neither freeware or OEM products. ulandron - --------------------------------------------------------------------- Ulandron [ulandronat_private] UIN #16059242 http://www.undersec.com Key-ID: 1024D/CF42B63F available at http://undersec.com/members/ Key fingerprint = 9A69 EC5B 2193 9F71 CD2C D6E7 3DD2 483C CF42 B63F -----BEGIN PGP SIGNATURE----- Version: GnuPG v0.9.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE3QMviPdJIPM9Ctj8RAvAlAJ9hWjSYIcrN3nOvTMHQ6+EPRs6XXACbBNGO YuOKLkYv/qoPGQF9XNX78C4= =Xmdn -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:12 PDT