ID CVE-2002-2412
Summary Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
References
Vulnerable Configurations
  • cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 05-09-2008 - 20:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 4781
bugtraq 20020519 Plain Text Password Vulnerability in Winamp 2.80
xf winamp-plaintext-password(9114)
Last major update 05-09-2008 - 20:33
Published 31-12-2002 - 05:00
Last modified 05-09-2008 - 20:33
Back to Top