WinMX Plaintext Password Vulnerabilities
June 02, 2022
Description:
WinMX 2.6 is an older version of the popular file
sharing client WinMX. While the current version is
3.31, 2.6 still remains quite popular, especially
amongst users on private networks. I believe this
is largely due to the fact that 2.6 does not have
the option to output .wsx files (WinMX server list
files). This helps keep the addresses for private
OpenNap servers out of the hands of uninvited users
(amongst other reasons).
Problem:
The problem with WinMX 2.6 is that it provides
pretty much NO password protection. This can be
exploited both locally and remotely. Again, I
think all of us have seen the bad habit that most
people have of using the same password for multiple
accounts etc etc.
Local Exploitation:
There are several ways to exploit
this issue locally. One is to just edit a particular
server, and upon doing so the username and pass are
presented in plaintext, and the other way is to
open the nservers.dat file in the WinMX directory.
Remote Exploitation:
Even though the passwords are
encrypted by such servers as SlavaNap etc, they are
passed to the server in plaintext, so any malicious
server owner with a packet sniffer can exploit this
vuln.
Conclusion:
I realized this issue back when 2.6 was the current
release, but never reported it because VERY shortly
thereafter a new version of WinMX was available.
However, with the substantial number of 2.6 users still
around I felt it was best that this vulnerability become
official, as there is nothing about it on Google etc. that
I was able to find. So to anyone using 2.6 I offer this
advice. Do not use a password for WinMX 2.6 that you use
for other accounts at the very least. Hope this helps
some of the 2.6 users out. Cheers
Solution:
Upgrade to the latest version of WinMX
Credits:
James Bercegay of the GulfTech Security Research Team.