Vulnerabilities > CVE-2002-2412 - Credentials Management vulnerability in Nullsoft Winamp 2.80

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

nullsoft

CWE-255

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.

Vulnerable Configurations

Part	Description	Count
Application	Nullsoft Nullsoft Winamp 2.80	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://online.securityfocus.com/archive/1/273257
http://www.iss.net/security_center/static/9114.php
http://www.securityfocus.com/bid/4781