Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (File Transfer/Sharing)  >   Hotline Vendors:   Hotline Communications
Hotline File Sharing Program Discloses User Password to Local Users
SecurityTracker Alert ID:  1003704
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 1 2002
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.8.5
Description:   An information disclosure vulnerability was reported in the Hotline file sharing software. A local user can view the login password.

It is reported that the software stores the login name, password, and host information in plain text form in the "Bookmarks" directory (program files\hotline communications ltd\).

Impact:   A local user can view the Hotline user's password.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Authentication error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Hotline Client Plain password vuln.


I am using Hotline Client 1.8.5 from Hotline Communications Ltd on a
windows XP platform. In this client you have the options to save
bookmarks so you can easily connect to your sites.  When I was looking
around in the "Bookmarks" dir (program files\hotline communications ltd)
I saw that the bookmarks store your login, password and host in
plaintext although it is a binary file. Has this been mentioned before?
Is this normal or just a flaw from the creators?




Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC