------------------------------------------------------------------
- EXPL-A-2003-006 exploitlabs.com Advisory 006
------------------------------------------------------------------
-= ANYwebcam =-

morning_wood
June 10, 2003

Vulnerability(s):
-----------------
1. Cleartext Passwords in Windows registry

Product:
--------
ANYwebcam
http://www.anywebcam.com/awc/html/index.html

Reviews:
--------

Description of product:
-----------------------
ANYwebcam provides Internet video broadcasting and chat for personal use.

VULNERABILITY / EXPLOIT
=======================

Local:
------
View user / password in these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\ANYwebcam\(username)
Password

There is no excuse for a plaintext password in the Windows registry, period.
Any computer with multiple users is vulnerable to password discovery and
disclosure.

hint - hash yer pass

Remote:
-------
none (unless remote registry is enabled, or an intranet / LAN topology
[or previous remote compromise])

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
business@anywebcam.com - Concurrent with this advisory

Credits:
--------
Donnie Werner
http://exploitlabs.com
"we're finding your holes"
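
Audit check (added example, not part of the original advisory or the vendor's code): a PowerShell function that reports which ANYwebcam account subkeys carry the stored value and which principals the key ACL allows to read it, without printing the secret. It assumes "Password" is a value name under each (username) subkey, as the listing above suggests; the function name Get-AwcPasswordExposure is hypothetical.

```powershell
# Added example. The key path and the value name 'Password' come from the
# advisory; the function name and the output fields are illustrative.
function Get-AwcPasswordExposure {
    param([string]$BasePath = 'HKLM:\SOFTWARE\ANYwebcam')

    if (-not (Test-Path -LiteralPath $BasePath)) {
        return   # product key not present on this host
    }

    $queryValues = [System.Security.AccessControl.RegistryRights]::QueryValues

    foreach ($key in Get-ChildItem -LiteralPath $BasePath -ErrorAction SilentlyContinue) {
        # Per the advisory, each subkey is named after an ANYwebcam username.
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $props.PSObject.Properties.Name -notcontains 'Password') {
            continue
        }

        # List principals with an Allow ACE that includes QueryValues.
        # ACEs expressed only as generic rights are not decoded here.
        $acl = Get-Acl -LiteralPath $key.PSPath
        $readers = $acl.Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.RegistryRights -band $queryValues)
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        # Report presence and readers only; the stored secret is never emitted.
        [pscustomobject]@{
            Account      = $key.PSChildName
            ValuePresent = $true
            ReadableBy   = $readers -join '; '
        }
    }
}

Get-AwcPasswordExposure | Format-Table -AutoSize -Wrap
```

Any row whose ReadableBy column lists a broad group such as BUILTIN\Users confirms the multi-user exposure the advisory describes.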