BID:13445

FilePocket Local Information Disclosure Vulnerability

Info

FilePocket Local Information Disclosure Vulnerability

Bugtraq ID:	13445
Class:	Design Error
CVE:	CVE-2005-1414
Remote:	No
Local:	Yes
Published:	Apr 29 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Discovery of this issue is credited to [email protected].
Vulnerable:	StumbleInside Software GoText 1.0 ExoticSoft FilePocket 1.2

Not Vulnerable:

Discussion

FilePocket Local Information Disclosure Vulnerability

FilePocket is prone to a local information disclosure vulnerability. The application stores plaintext proxy passwords in the windows registry.

A local attacker may exploit this issue to disclose potentially sensitive information. Data harvested through exploitation of this issue may be used to aid in further attacks launched against the target computer.

Exploit / POC

FilePocket Local Information Disclosure Vulnerability

No exploit is required.

/data/vulnerabilities/exploits/filepocket.c

Solution / Fix

FilePocket Local Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

FilePocket Local Information Disclosure Vulnerability

References:

FilePocket Homepage (ExoticSoft)
GoText Homepage (StumbleInside Software)