Info

Disclosure

Oct 28, 2004

Discovery

Unknown

Dates

Exploit

Oct 28, 2004

Solution

Unknown

Description

GSuite contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program writes its configuration file to X:\Documents and Settings\<username>\Application Data\GSuit\settings.xml, which writes the user's Gmail username in plaintext and password in an easily decipherable format, resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Imspire

GSuite

1.0 R13

References

Security Tracker: 1011994
Vendor URL: http://www.imspire.com/gsuite/index.html
Other Advisory URL: http://www.osvdb.org/ref/11/11176-gsuite.txt

Credit

Lostmon Lords - Lostmongmail.com -

Direct URL: http://osvdb.org/36218