Bugtraq mailing list archives

Real Media Server stores passwords in plain text

From: fmmarzoa () SIRE ES (Francisco M. Marzoa Alonso)
Date: Wed, 14 Apr 1999 10:45:50 +0200


My real media server information:

fmmarzoa@alexander:/usr/local/rserver/Bin > rmserver -version
Creating Server Space...
Starting RealServer 6.0 Core...
RealServer (c) 1995-1998 RealNetworks, Inc. All rights reserved.
Version:        6.0.3.353
Platform: linux2

The fact is that through installation process it ask for a password that
itsn't hide neither when you write it, but worse is that this password is
stored in the file /usr/local/rmserver/rmserver.cfg in plain format and
this file have as default a 644 permision mask.

Excuse if this security issue was adviced before and, by the way, my poor
english too.

--
Francisco M. Marzoa Alonso - SiRE
3CLiNUX - http://club.idecnet.com/~fmmarzoa/

Current thread:

Re: ARP problem in Windows9X/NT, (continued)
- - - Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
    - Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 13)
    - Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
    - Re: ARP problem in Windows9X/NT Alan DeKok (Apr 13)
    - Re: ARP problem in Windows9X/NT Joseph Gooch (Apr 14)
    - Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 15)
    - Possible WU-ftpd Worm ? Stu Alchor (Apr 13)
    - Re: Possible WU-ftpd Worm ? Gregory A Lundberg (Apr 14)
    - Re: Possible WU-ftpd Worm ? Gregory Newby (Apr 14)
    - Re: Possible WU-ftpd Worm ? M.Brands (Apr 14)
    - Real Media Server stores passwords in plain text Francisco M. Marzoa Alonso (Apr 14)
    - Announce: Secure UNIX Programming FAQ Thamer Al-Herbish (Apr 13)
    - Bugs in anonymity services Avi Rubin (Apr 13)
  - NetBSD Security Advisory 1999-008 matthew green (Apr 12)
- Re: ICQ Webserver bug Scott (Apr 08)