SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   RealServer Vendors:   RealNetworks
RealServer Discloses Usernames and Passwords to Local Users
SecurityTracker Alert ID:  1009881
SecurityTracker URL:  http://securitytracker.com/id/1009881
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 20 2004
Impact:   Disclosure of authentication information

Version(s): 8.02
Description:   CyberTal0n reported a vulnerability in RealServer. A local user can view usernames and passwords.

It is reported that RealServer 8.02 stores the account usernames and passwords in clear text in a file in the 'adm_b_db/users/' directory. Passwords are also reportedly stored in clear text in the 'default.cfg' and 'rmserver.cfg' files.

A local user can view the account names and passwords, the report said.

Impact:   A local user can view the account names and passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.real.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (Open UNIX-SCO), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  RealServer 8.02 Discloses the server's users usernames and passwords


RealServer 8.02 Discloses the server's users usernames and passwords to local users
                         Found by: CyberTalon

1. Problem
2. Exploit
3. Info

1. RealServer 8.02 stores users of the server's usernames and passwords in clear text in 
adm_b_db/users/username(file). Where username(file) is replace with a username on the 
server, then the contents of the file desplay the users password in clear-text. It also 
stores them in default.cfg and rmserver.cfg in plain-text.

2. adm_b_db/users/username(file)

and

default.cfg

and

rmserver.cfg

3. Vendor URL: www.real.com

-CT

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC