GiantRat Mailer exposes PoP password

2003-03-15T00:00:00
ID SECURITYVULNS:DOC:4210
Type securityvulns
Reporter Securityvulns
Modified 2003-03-15T00:00:00

Description

Security advisory

Issue: GiantRat Mailer exposes plain text PoP password

Date: 03/13/03

Vendor first notified: Febuary 2003

Affected versions: All (tested v3.1, 2.x, 1.x

ABOUT GiantRat Mailer:

GiantRat Mailer is an innovative email client that has settings for the sight-impaired and has optional voice prompts utilizing MS-Agent. Currently there are thousands of installations worldwide in use by the blind.

SECURITY ISSUES:

In the root of the client installation, e.g., c:\program files\giantrat, the GiantRat.ini file clearly shows user login information and the PoP password in line 18. There is no encryption whatsoever.

Risk: Obvious – the blind can’t see it but we sure can…even after a few shots of Stolichnaya.

ADVISE TO USERS:

Make sure your hard drives are secure and safe from prying eyes.

VENDOR RESPONSE: The company was made aware and has implemented an XOR encryption algorithm effective 03/13/2003 that scrambles the password in the .ini file.

Updates are available.

Regards,

maninthemiddle@hushmail.com

Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427