SnapStream PVS 1.2 - Plaintext Password

EDB-ID:

21035


Author:

John

Type:

remote


Platform:

Windows

Date:

2001-07-26


source: https://www.securityfocus.com/bid/3101/info

Snapstream Personal Video Station is an application for Microsoft Windows which allows users to record video output on their PC and view it at a later time, locally or via an HTTP interface. The Snapstream PVS web interface runs on port 8129.

The PVS service stores passwords and user information in plaintext format. Additional information is also contained in the same file which stores passwords, such as the location of the base directory for the service.

This would normally only be a local issue but in combination with other known vulnerabilities the file which stores passwords and user information is easily obtained.

Due to the issue discussed as Bugtraq ID 3100, the passwords can be disclosed to remote attackers. 

http://home.victim.com:8080/../ssd.ini