Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: realsy~1.txt

RealSystem G2 Server for Unix saves password in cleartext - securing against a possible hack!




RealSystem G2 Server saves password in clear text.

RealSystem's G2 Server is a product by RealNetworks that allows you to
deliver choreographed multimedia presentations that include audio, video,
images, web pages, and text over the Internet or corporate Intranets. The
G2 Server was contains a bug where the administrative user and password is
saved in the configuration file in clear text and with world readable file
permissions (in UNIX system only), making it possible for anyone to gain
access to the administrative password.

While installing the evaluation copy of RealSystem G2 server, you have to
enter an admin username and password. The password is written to the
configuration file in clear text, and not only that, but the file
permissions are 644 (meaning -rw-r--r--, or world readable) making it
possible for a malicious user to gain access to RealSystem's G2 Server's
administrative user and wreck havoc.

RealSystem's home page is: http://www.real.com.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH