aMSN hotlog.htm Password Disclosure

2004-06-20T05:03:23
ID OSVDB:8123
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2004-06-20T05:03:23

Description

Vulnerability Description

aMSN contains a flaw that may lead to an unauthorized password hash exposure. It is possible to gain access to password hashes when a local user opens the 'hotlog.htm' file.

Solution Description

Upgrade to version 0.91 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

aMSN contains a flaw that may lead to an unauthorized password hash exposure. It is possible to gain access to password hashes when a local user opens the 'hotlog.htm' file.

Manual Testing Notes

C:/Documents%20and%20Settings/[username]/amsn/hotlog.htm

References:

Vendor URL: http://amsn.sourceforge.net/ Vendor Specific Advisory URL Security Tracker: 1010555 ISS X-Force ID: 16479 CVE-2004-2454