ThePoolClub IPool/ISnooker Insecure Local Credential Storage Vulnerability
BID:12830
Info
ThePoolClub IPool/ISnooker Insecure Local Credential Storage Vulnerability
| Bugtraq ID: | 12830 |
| Class: | Design Error |
| CVE: |
CVE-2005-0823 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 17 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this issue is credited to [email protected]. |
| Vulnerable: |
ThePoolClub iSnooker 1.6.8 ThePoolClub iPool 1.6.81 |
| Not Vulnerable: | |
Discussion
ThePoolClub IPool/ISnooker Insecure Local Credential Storage Vulnerability
iPool and iSnooker are reported prone to a design flaw. It is reported that the applications store username and passwords in plaintext in a folder that is accessible by all local users.
An attacker with local interactive access to the affected computer may exploit this issue to retrieve iPool and iSnooker credentials, this data may aid in further exploit attempts.
iSnooker and iPool versions up to an including version 1.6.8 are reported prone to this issue.
iPool and iSnooker are reported prone to a design flaw. It is reported that the applications store username and passwords in plaintext in a folder that is accessible by all local users.
An attacker with local interactive access to the affected computer may exploit this issue to retrieve iPool and iSnooker credentials, this data may aid in further exploit attempts.
iSnooker and iPool versions up to an including version 1.6.8 are reported prone to this issue.
Exploit / POC
ThePoolClub IPool/ISnooker Insecure Local Credential Storage Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
ThePoolClub IPool/ISnooker Insecure Local Credential Storage Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
ThePoolClub IPool/ISnooker Insecure Local Credential Storage Vulnerability
References:
References:
- iSnooker and iPool Homepage (ThePoolClub)