creative.labs.webcam.passwd.txt

`Date: Tue, 18 May 1999 04:09:22 +0200  
From: Ulandron <[email protected]>  
To: [email protected]  
Subject: Creative Video Blaster Webcam stores passwords in plaintext  
  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Hi,  
  
this is my first post to bugtraq, so excuse me if this is already known.  
After a quick search through the bugtraq archives, I didn't find  
anything related to this issue so I thought users should know about this.  
I don't know if this belongs here after aleph's recent post about "Secure  
Storage of Secrets in Windows".  
  
The passwords for the ftp account where the images are going to be  
uploaded are stored in plain text in the file /%windir%/sysdat.dll, i.e.  
c:\windows\sysdat.dll and they look like this:  
  
[Web]  
FTPUserName=foo  
FTPUserPWD=bar  
  
This problem affects both versions 1.0 and 1.1 of this software.  
  
Creative Labs Spain has been notified, and they answered they don't  
support neither freeware or OEM products.  
  
ulandron  
  
- ---------------------------------------------------------------------  
Ulandron [[email protected]] UIN #16059242 http://www.undersec.com  
Key-ID: 1024D/CF42B63F available at http://undersec.com/members/  
Key fingerprint = 9A69 EC5B 2193 9F71 CD2C D6E7 3DD2 483C CF42 B63F  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v0.9.6 (GNU/Linux)  
Comment: For info see http://www.gnupg.org  
  
iD8DBQE3QMviPdJIPM9Ctj8RAvAlAJ9hWjSYIcrN3nOvTMHQ6+EPRs6XXACbBNGO  
YuOKLkYv/qoPGQF9XNX78C4=  
=Xmdn  
-----END PGP SIGNATURE-----  
  
`