Info

Disclosure

Jun 20, 2003

Discovery

Unknown

Dates

Exploit

Jul 13, 2003

Solution

Unknown

Description

WebcamNow contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by accessing HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name and HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password registry keys, which may lead to a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

WebcamNow.com Inc.

WebcamNow

No version

References

Bugtraq ID: 7884
Other Advisory URL: http://attrition.org/errata-new/company/webcamnow01.html
Mail List Post: http://lists.virus.org/dw-0day-0306/msg00026.html
News Article: http://www.theregister.co.uk/content/55/31353.html
Vendor URL: http://www.webcamnow.com/

Credit

Donnie Werner - morning_woodexploitlabs.com - Exploit Labs

Direct URL: http://osvdb.org/58521