WinMX Design Error - exploit.company
Vendor: WinMX
By: James Bercegay
CVSS: 3.3 (MEDIUM)
Vulnerability Type: Design Error
CWE: N/A
Product Name: WinMX
Affected Version From: 2.6
Affected Version To: 2.6
Patch Exists: YES
Related CWE: N/A
CPE: a:frontcode_technologies:winmx
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
Year: 2005

WinMX Design Error

WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular, especially amongst users on private networks. The problem with WinMX 2.6 is that it provides pretty much no password protection, and this can be exploited both locally and remotely. Locally, one can edit a particular server entry, upon which the username and password are presented in plaintext, or simply open the nservers.dat file in the WinMX directory. Remotely, even though the passwords are encrypted by servers such as SlavaNap, they are passed to the server in plaintext, so any malicious server owner with a packet sniffer can capture them.

Mitigation:

Upgrade to the latest version of WinMX

Exploit-DB raw data:

WinMX Design Error

Vendor: Frontcode Technologies
Product: WinMX
Version: <= 2.6
Website: http://www.winmx.com/

BID: 7771 

Description:
WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular, especially amongst users on private networks. I believe this is largely due to the fact that 2.6 does not have the option to output .wsx files (WinMX server list files). This helps keep the addresses for private OpenNap servers out of the hands of uninvited users (amongst other reasons).

Problem:
The problem with WinMX 2.6 is that it provides pretty much NO password protection. This can be exploited both locally and remotely. Again, I think all of us have seen the bad habit that most people have of using the same password for multiple accounts, etc.

Local Exploitation:
There are several ways to exploit this issue locally. One is simply to edit a particular server entry, upon which the username and password are presented in plaintext; the other is to open the nservers.dat file in the WinMX directory.

Remote Exploitation:
Even though the passwords are encrypted by servers such as SlavaNap, they are passed to the server in plaintext, so any malicious server owner with a packet sniffer can exploit this vulnerability.
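The remote issue above is a design point worth seeing in code: server-side hashing protects the stored password, not the one in transit. The following is an added illustration, not WinMX, SlavaNap or OpenNap code; the wire format, the verifier scheme and the sample account are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Simplified model of the advisory's point (not the real OpenNap/WinMX protocol): a server
# that stores only password hashes gains nothing if the client still sends the password.

class Wire:
    """Stand-in for the network; records every message, as a packet sniffer would."""
    def __init__(self):
        self.captured = []
    def send(self, data: bytes) -> bytes:
        self.captured.append(data)
        return data
    def saw(self, secret: str) -> bool:
        return any(secret.encode() in m for m in self.captured)

def verifier(salt: bytes, password: str) -> bytes:
    """What the server stores instead of the password (constructed, simplified scheme)."""
    return hashlib.sha256(salt + password.encode()).digest()

class Server:
    def __init__(self):
        self.users = {}  # user -> (salt, verifier)
    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, verifier(salt, password))

def login_plaintext(server: Server, wire: Wire, user: str, password: str) -> bool:
    # WinMX 2.6 behaviour as described: the password crosses the wire as-is.
    _, u, p = wire.send(f"LOGIN {user} {password}".encode()).decode().split(" ", 2)
    salt, stored = server.users[u]
    return hmac.compare_digest(stored, verifier(salt, p))

def login_challenge(server: Server, wire: Wire, user: str, password: str) -> bool:
    # Server sends salt plus a fresh nonce; the client answers with an HMAC over the nonce
    # keyed by the derived verifier, so the password itself never leaves the client.
    salt, stored = server.users[user]
    nonce = wire.send(salt + os.urandom(16))[16:]
    proof = wire.send(hmac.new(verifier(salt, password), nonce, hashlib.sha256).digest())
    return hmac.compare_digest(hmac.new(stored, nonce, hashlib.sha256).digest(), proof)

def demo(password: str = "hunter2-reused-everywhere"):
    """Returns (legacy login ok, password seen, challenge login ok, password seen)."""
    server = Server()
    server.register("alice", password)  # constructed sample account
    w1, w2 = Wire(), Wire()
    ok1 = login_plaintext(server, w1, "alice", password)
    ok2 = login_challenge(server, w2, "alice", password)
    return ok1, w1.saw(password), ok2, w2.saw(password)
```

Both logins succeed for the right password, but only the legacy exchange leaves the password readable in the captured traffic.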

Conclusion:
I realized this issue back when 2.6 was the current release, but never reported it because VERY shortly thereafter a new version of WinMX was available. However, with the substantial number of 2.6 users still around, I felt it was best that this vulnerability become official, as there is nothing about it on Google etc. that I was able to find. So to anyone using 2.6, I offer this advice: do not use a password for WinMX 2.6 that you use for other accounts, at the very least. Hope this helps some of the 2.6 users out. Cheers

Solution:
Upgrade to the latest version of WinMX 

Credits:
James Bercegay of the GulfTech Security Research Team.