WinMX Design Error Vendor: Frontcode Technologies Product: WinMX Version: <= 2.6 Website: http://www.winmx.com/ BID: 7771 Description: WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular. Especially amongst users on private networks. I believe this is largely due to the fact that 2.6 does not have the option to output .wsx file (WinMX server list files) This helps keep the addresses for private OpenNap servers out of the hands of uninvited users (amongst other reasons). Problem: The problems with WinMX 2.6 is that it provides pretty much NO password protection. This can be exploited both locally and remotely. Again, I think all of us have seen the bad habit that most people have of using the same password for multiple accounts etc etc. Local Exploitation: There several ways to exploit this issue locally. One is to just edit a particular server, and upon doing so the username and pass are presented in plaintext, and the other way is to open the nservers.dat file in the WinMX directory. Remote Exploitation: Even though the passwords are encrypted by such servers as SlavaNap etc, they are passed to the server in plaintext, so any malicious server owner with a packet sniffer can exploit this vuln. Conclusion: I realized this issue back when 2.6 was the current release, but never reported it because VERY shortly thereafter a new version of WinMX was available. However with the substantial number of 2.6 users still around I felt it was best that this vulnerability become official, as there is nothing about it on google etc that i was able to find. So to anyone using 2.6 i offer this advice. Do not use a password for WinMX 2.6 that you use for other accounts at the very least. Hope this helps some of the 2.6 users out. Cheers Solution: Upgrade to the latest version of WinMX Credits: James Bercegay of the GulfTech Security Research Team.