[10214] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Real Media Server stores passwords in plain text

daemon@ATHENA.MIT.EDU (Francisco M. Marzoa Alonso)
Wed Apr 14 14:03:56 1999

Date: 	Wed, 14 Apr 1999 10:45:50 +0200
Reply-To: "Francisco M. Marzoa Alonso" <fmmarzoa@SIRE.ES>
From: "Francisco M. Marzoa Alonso" <fmmarzoa@SIRE.ES>
To: BUGTRAQ@NETSPACE.ORG

My real media server information:

fmmarzoa@alexander:/usr/local/rserver/Bin > rmserver -version
Creating Server Space...
Starting RealServer 6.0 Core...
RealServer (c) 1995-1998 RealNetworks, Inc. All rights reserved.
Version:        6.0.3.353
Platform: linux2

The fact is that through installation process it ask for a password that
itsn't hide neither when you write it, but worse is that this password is
stored in the file /usr/local/rmserver/rmserver.cfg in plain format and
this file have as default a 644 permision mask.

Excuse if this security issue was adviced before and, by the way, my poor
english too.

--
Francisco M. Marzoa Alonso - SiRE
3CLiNUX - http://club.idecnet.com/~fmmarzoa/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[10214] in bugtraq

Real Media Server stores passwords in plain text

daemon@ATHENA.MIT.EDU (Francisco M. Marzoa Alonso)Wed Apr 14 14:03:56 1999

daemon@ATHENA.MIT.EDU (Francisco M. Marzoa Alonso)
Wed Apr 14 14:03:56 1999