Winamp Authentication Flaw

I know this problem with Winamp has been around for awhile (http://www.securiteam.com/windowsntfocus/5LP0M0A75G.html), but I have not found a solution. Does anyone know how to solve the problem of preventing Winamp from storing the username and password for streaming connections in plain text file? It does not make sense for such a practice to be done since any user of the computer can simply look at the plain text file and get the credentials that the previously user had to access protected content.
abncAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masnrockCommented:
What version of Winamp do you have? That's referring to a pretty old version (current version is 5, that bug was before version 3).

But at the time, security wasn't nearly as big a worry. But in the present day context, you're right, that should not have been done. But programmatically, it's easier, even though it's a hell of a lot less secure.
0
abncAuthor Commented:
Every user that I have spoken with that connects to our protected stream using Winamp has the same flaw. Version run from 5.18 right up to the lastest which is 5.21 (I believe). It makes me want to block all Winamp users, but that wouldn't make a lot of people happy. Just wondering what could be done to close the security hole.
0
masnrockCommented:
Well, not too much... other than maybe finding a program to erase the history of Winamp. You MIGHT find something in here, but I can't promise it'll address that flaw. The biggest thing is really having AOL rewrite parts of the program to actually hash and more securely store that sort of information if it really needs it.

http://www.snapfiles.com/Shareware/security/swcookie.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
abncAuthor Commented:
Well, I appreciate the responses. I have attempted to post on Winamp forum but for some reason don't have permission to post, although I am a registered user. I will submit my suggestion they at least not store credentials in plain text. We certainly have come far enough in technology to eliminate such needless storage of key information.
0
masnrockCommented:
You're right, it's a very valid point. I wonder if they had ever attempted to fix that in Winamp 3... but of course, that was very much a failed experiment regardless. Hopefully by Winamp 6, that'll be a security hole of the past.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.