Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Winamp Authentication Flaw

Posted on 2006-04-01
5
Medium Priority
?
301 Views
Last Modified: 2008-03-17
I know this problem with Winamp has been around for awhile (http://www.securiteam.com/windowsntfocus/5LP0M0A75G.html), but I have not found a solution. Does anyone know how to solve the problem of preventing Winamp from storing the username and password for streaming connections in plain text file? It does not make sense for such a practice to be done since any user of the computer can simply look at the plain text file and get the credentials that the previously user had to access protected content.
0
Comment
Question by:abnc
  • 3
  • 2
5 Comments
 
LVL 33

Expert Comment

by:masnrock
ID: 16354995
What version of Winamp do you have? That's referring to a pretty old version (current version is 5, that bug was before version 3).

But at the time, security wasn't nearly as big a worry. But in the present day context, you're right, that should not have been done. But programmatically, it's easier, even though it's a hell of a lot less secure.
0
 

Author Comment

by:abnc
ID: 16356394
Every user that I have spoken with that connects to our protected stream using Winamp has the same flaw. Version run from 5.18 right up to the lastest which is 5.21 (I believe). It makes me want to block all Winamp users, but that wouldn't make a lot of people happy. Just wondering what could be done to close the security hole.
0
 
LVL 33

Accepted Solution

by:
masnrock earned 800 total points
ID: 16356644
Well, not too much... other than maybe finding a program to erase the history of Winamp. You MIGHT find something in here, but I can't promise it'll address that flaw. The biggest thing is really having AOL rewrite parts of the program to actually hash and more securely store that sort of information if it really needs it.

http://www.snapfiles.com/Shareware/security/swcookie.html
0
 

Author Comment

by:abnc
ID: 16356929
Well, I appreciate the responses. I have attempted to post on Winamp forum but for some reason don't have permission to post, although I am a registered user. I will submit my suggestion they at least not store credentials in plain text. We certainly have come far enough in technology to eliminate such needless storage of key information.
0
 
LVL 33

Expert Comment

by:masnrock
ID: 16357000
You're right, it's a very valid point. I wonder if they had ever attempted to fix that in Winamp 3... but of course, that was very much a failed experiment regardless. Hopefully by Winamp 6, that'll be a security hole of the past.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question