SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Hotline Vendors:   Hotline Communications
Hotline File Sharing Program Discloses User Password to Local Users
SecurityTracker Alert ID:  1003704
SecurityTracker URL:  http://securitytracker.com/id/1003704
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 1 2002
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.8.5
Description:   An information disclosure vulnerability was reported in the Hotline file sharing software. A local user can view the login password.

It is reported that the software stores the login name, password, and host information in plain text form in the "Bookmarks" directory (program files\hotline communications ltd\).

Impact:   A local user can view the Hotline user's password.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.bigredh.com/hotline3/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Hotline Client Plain password vuln.



Hello,

I am using Hotline Client 1.8.5 from Hotline Communications Ltd on a
windows XP platform. In this client you have the options to save
bookmarks so you can easily connect to your sites.  When I was looking
around in the "Bookmarks" dir (program files\hotline communications ltd)
I saw that the bookmarks store your login, password and host in
plaintext although it is a binary file. Has this been mentioned before?
Is this normal or just a flaw from the creators?

Cheers,

Rens 

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC