Re: Plain Text Password Vulnerability in Winamp 2.80

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Mon May 20 2002 - 18:49:35 PDT


    I don't think Winamp people ever intended to introduce MD5 or SHA1 hashes for saving passwords, or did they?
    
    It is very well a bug if Winamp does not prompt or add a tick mark saying something like "Save Password", but if it does and you have tried it by clicking on it, then I guess it is pretty much intended to act in such a manner. I currently do not have access to Winamp, else I would've checked. =)
    
    Best Regards, 
    ---------
    Muhammad Faisal Rauf Danka
    
    Chief Technology Officer
    Gem Internet Services (Pvt) Ltd.
    web: www.gem.net.pk
    voice: 92-021-111-GEMNET
    
    Vice President
    Pakistan Computer Emergency Response Team (PakCERT)
    web: www.pakcert.org
    
    Chief Security Analyst
    Applied Technology Research Center (ATRC)
    web: www.atrc.net.pk
    voice: 92-21-4980523 92-21-4974781 
    
    "Great is the Art of beginning, but Greater is the Art of ending. "
    
    ------BEGIN GEEK CODE BLOCK----
    Version: 3.1
    GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ 
    P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- 
    PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
    ------END GEEK CODE BLOCK------
    
    
    --- isoxat_private wrote:
    >When a URL is streamed in Winamp which requires HTTP authentication, the user is prompted to enter a username and password.  This username and password are then stored as plain text in the file winamp.ini under the section [HTTP-AUTH].  The format of stored passwords (it seems) is <domain - TLD>=<username>:<password>.
    > 
    >URLs which are streamed are also kept as history in the winamp.ini file under the [winamp] section.  This includes URLs which include the username/password in them (i.e., http://username:password@site).
    > 
    >This was verified in Winamp 2.80 on Windows XP.
    > 
    >- isox
    
    



    This archive was generated by hypermail 2b30 : Tue May 21 2002 - 11:49:15 PDT
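
An added example, not part of the original thread and not Winamp's own code: a Python audit that checks a winamp.ini for the two exposures isox reports above, [HTTP-AUTH] entries and history URLs with embedded credentials, and lists them with the passwords masked. The sample file contents and the key names under [winamp] are constructed assumptions, since the post does not give them.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample in the layout the report describes. The key names under
# [winamp] are placeholders; the post does not say what Winamp calls them.
SAMPLE_INI = """\
[winamp]
history_entry_1=http://alice:s3cret@radio.example.com:8000/stream
history_entry_2=http://radio.example.org/live.mp3
[HTTP-AUTH]
example.net=bob:hunter2
"""

def mask(secret):
    """Hide a secret in report output, keeping only its length."""
    return "*" * len(secret)

def audit_winamp_ini(text):
    """Return (section, key, username, masked_password) per stored credential."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False,
                                      allow_no_value=True)
    cp.optionxform = str  # keep host names and keys exactly as written
    cp.read_string(text)
    findings = []
    # [HTTP-AUTH]: <host>=<username>:<password>, the format given in the report.
    if cp.has_section("HTTP-AUTH"):
        for host, value in cp.items("HTTP-AUTH"):
            user, sep, password = (value or "").partition(":")
            if sep:
                findings.append(("HTTP-AUTH", host, user, mask(password)))
    # [winamp]: history values that are URLs of the form user:password@site.
    if cp.has_section("winamp"):
        for key, value in cp.items("winamp"):
            if not value or "://" not in value:
                continue
            try:
                parts = urlsplit(value)
            except ValueError:  # malformed URL, nothing to report
                continue
            if parts.password is not None:
                findings.append(("winamp", key, parts.username,
                                 mask(parts.password)))
    return findings

if __name__ == "__main__":
    for finding in audit_winamp_ini(SAMPLE_INI):
        print(finding)
```

To audit a real installation, pass the contents of its winamp.ini to `audit_winamp_ini` in place of `SAMPLE_INI`.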