SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Adobe Dreamweaver Vendors:   Macromedia
Macromedia Dreamweaver Weak Encoding Lets Local Users Retrieve FTP Site Passwords
SecurityTracker Alert ID:  1005529
SecurityTracker URL:  http://securitytracker.com/id/1005529
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 4 2002
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 4; other versions may be affected
Description:   An access control vulnerability was reported in Macromedia Dreamweaver. A local user can obtain stored FTP site passwords.

SecurityBugware reported that the software uses a weak encoding method to store passwords in the Windows Registry. A local user can decode the passwords and then gain FTP access to the server(s).

SecurityBugware credits Alexandre de Abreu from Nettion Team of Fortes Informatica [http://www.nettion.com.br] with reporting this flaw.

Impact:   A local user can retrieve stored FTP server passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.macromedia.com/software/dreamweaver/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Apple (Legacy "classic" Mac), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Macromedia Dreamweaver Password Storage Vulnerability


http://www.securitybugware.org/NT/5789.html

SecurityBugware reported a vulnerability in Macromedia Dreamweaver.  A local user can
obtain stored FTP site passwords.

Macromedia Dreamweaver 4 is affected.

[http://www.nettion.com.br] with reporting this flaw.

It is reported that the software uses a weak encoding method to store passwords in the
Windows Registry.  A local user can decode the passwords and then gain FTP access to the
server(s).




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC