SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   Winamp Vendors:   Nullsoft
Winamp Media Player May Disclose Certain User Passwords to Local Users
SecurityTracker Alert ID:  1004335
SecurityTracker URL:  http://securitytracker.com/id/1004335
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 21 2002
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 2.80
Description:   An information disclosure vulnerability was reported in the Winamp MP3 player. The player stores usernames and passwords for streaming URLs that require authentication on the local system in plain text form.

It is reported that when a URL that requires HTTP authentication is accessed via Winamp, the local user's typed username and password is stored in the 'winamp.ini' file under the section [HTTP-AUTH]. The format is reported to be:

<domain - TLD>=<username>:<password>

The report also indicates that streaming URLs are also stored in the history list in the 'winamp.ini' file under the section [winamp]. This history list will also include plaintext usernames and passwords for URLs that require authentication, stored in the form:

http://username:password@site

A local user could access the winamp.ini file to view the passwords.
Impact:   A local user can view another local users passwords for streaming URLs accessed via Winamp that require authentication.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.winamp.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  19 May 2002 04:41:33 -0000
Subject:  Plain Text Password Vulnerability in Winamp 2.80


When a URL's is streamed in winamp which requires HTTP authentication, the user is prompted to enter a username and password.  This
 username and password is then stored as plain text in the file winamp.ini under the section [HTTP-AUTH].  The format of stored passwords
 (it seems) is <domain - TLD>=<username>:<password>.
 
URL's which are streamed are also kept as history in the winamp.ini file under the [winamp] section.  This includes URL's which include
 the username/password in them (ie, http://username:password@site).
 
This was verified in Winamp 2.80 on Windows XP.
 
- isox


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC