Hotline password vulnerability

Discussion in 'other security issues & news' started by Paul Wilders, Mar 5, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Summary

    Hotline Connect is a suite of two free applications that enables Internet users to communicate and share files and information. A security vulnerability in the product allows local users with access to a shared Hotline program installation directory, to access other people's used username and passwords.


    Details

    Vulnerable systems:
    Hotline Client version 1.8.5

    The Hotline client contains a feature that allows users to store bookmarks to certain sites they frequently visit. The "Bookmarks" directory (usually under: program files\hotline communications ltd) contains a file that inside it you can find your login, password and host stored in plaintext.

    source: www.securiteam.com
     
Loading...
Thread Status:
Not open for further replies.