-------------------------------------------------------------------
EXPL-A-2003-005 exploitlabs.com Advisory 005
-------------------------------------------------------------------
                        -= Webcam Now =-

morning_wood
June 10, 2003

Vulnerability(s):
-----------------
1. Cleartext Passwords in Windows registry

Product:
--------
Webcam Now Broadcaster
http://www.webcamnow.com/
http://www.webcamnow.com/download.html

Reviews:
--------

Description of product:
-----------------------
"WebcamNow provides free Internet video broadcasting service
(software and hosting) for personal use. Live video can be broadcast
from virtually any PC camera or video capture device by simply
creating an ID and start the WebcamNow Video Broadcaster.
Additionally, the video is accompanied by real-time communication
through text and voice chat. Live webcam broadcasts can be viewed
through any current browser that supports Java by going to the
Videochat start page or the WebcamNow home page"

VULNERABILITY / EXPLOIT
=======================

Local:
------
View user / password in these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password

There is no excuse for a plaintext password in the Windows
registry, period. Any computer with multiple users is vulnerable
to password discovery and disclosure.

hint - hash yer pass

Remote:
-------
none ( unless remote registry is enabled or an intranet / LAN
topology [or previous remote compromise] )

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
support@webcamnow.com - Concurrent with this advisory

Credits:
--------
Donnie Werner
http://exploitlabs.com
"were finding your holes"
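
Added example (not part of the original advisory, and not vendor code): a PowerShell check an administrator can run on a shared machine to see whether the registry location named under "Local" holds a stored password and which accounts are allowed to read it. It assumes Name and Password are values under the Users key, and it also looks under WOW6432Node, where a 32-bit install on 64-bit Windows would be redirected. The function name is hypothetical.

```powershell
# Added audit example; Test-WebCamNowCleartext is a hypothetical name.
# Assumption: 'Name' and 'Password' are values under the Users key, as the
# paths in the advisory suggest. The stored password itself is never printed.
function Test-WebCamNowCleartext {
    $candidates = @(
        'HKLM:\SOFTWARE\WebCamNow\Users',
        # Registry redirection target for a 32-bit install on 64-bit Windows.
        'HKLM:\SOFTWARE\WOW6432Node\WebCamNow\Users'
    )
    $query = [System.Security.AccessControl.RegistryRights]::QueryValues

    foreach ($key in $candidates) {
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue

        # Principals with an Allow rule that includes the right to read values.
        # ACEs expressed only as generic rights are not decoded here.
        $readers = (Get-Acl -LiteralPath $key).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.RegistryRights -band $query)
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        [pscustomobject]@{
            Key            = $key
            AccountStored  = -not [string]::IsNullOrEmpty([string]$props.Name)
            PasswordStored = -not [string]::IsNullOrEmpty([string]$props.Password)
            Readers        = $readers -join '; '
        }
    }
}

# One record per key found; no output means the product keys are absent.
Test-WebCamNowCleartext | Format-List
```

A result with PasswordStored set to True and a broad group such as BUILTIN\Users among the Readers is the multi-user exposure the advisory describes.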