|
RealSystem G2 Server saves password in clear text. RealSystem's G2 Server is a product by RealNetworks that allows you to deliver choreographed multimedia presentations that include audio, video, images, web pages, and text over the Internet or corporate Intranets. The G2 Server was contains a bug where the administrative user and password is saved in the configuration file in clear text and with world readable file permissions (in UNIX system only), making it possible for anyone to gain access to the administrative password. While installing the evaluation copy of RealSystem G2 server, you have to enter an admin username and password. The password is written to the configuration file in clear text, and not only that, but the file permissions are 644 (meaning -rw-r--r--, or world readable) making it possible for a malicious user to gain access to RealSystem's G2 Server's administrative user and wreck havoc. RealSystem's home page is: http://www.real.com.