Bugtraq mailing list archives
Plain Text Password Vulnerability in Winamp 2.80
From: isox () chainsawbeer com
Date: 19 May 2002 04:41:33 -0000
When a URL's is streamed in winamp which requires HTTP authentication, the user is prompted to enter a username and password. This username and password is then stored as plain text in the file winamp.ini under the section [HTTP-AUTH]. The format of stored passwords (it seems) is <domain - TLD>=<username>:<password>. URL's which are streamed are also kept as history in the winamp.ini file under the [winamp] section. This includes URL's which include the username/password in them (ie, http://username:password@site). This was verified in Winamp 2.80 on Windows XP. - isox
Current thread:
- Plain Text Password Vulnerability in Winamp 2.80 isox (May 20)
- <Possible follow-ups>
- Re: Plain Text Password Vulnerability in Winamp 2.80 Muhammad Faisal Rauf Danka (May 21)