LiveZilla versions prior to 5.1.1.0 suffer from a local password disclosure vulnerability.
006c7e335ba63cc2c9987933dc23afb5010f912c0b7463620fd4a36bfda4895e
Security Advisory - Curesec Research Team
=========================================
1. Introduction
----------------
Advisory ID: Cure-2013-1008
Advisory URL: https://www.curesec.com/
Affected Product: Prior LiveZilla version 5.1.1.0
Affected Systems: Windows
Vendor Contact: support@livezilla.net
Vulnerability Type: Local Password Disclosure
Remote Exploitable: No
Reported to Vendor: 18.10.2013
Disclosed to Public: 28.11.2013
Release mode: Coordinated release
CVE: CVE-2013-6223
Credentials: crt@curesec.com
2. Vulnerability Description
----------------------------
An 1click file that allows an admin to log into LiveZilla using a mouse
click is saved in a xml representation. This xml file includes the admin
username and password in plaintext.
Base64 is not an encryption mechanism. If an attacker is able to get
access to a 1click file he can easily open the file and discover
username and password for an administrator.
3. Proof of Concept Codes:
--------------------------
Just open the xml based onclick file.
4. Report Timeline
------------------
18.10.2013 Informed Vendor about Issue
21.10.2013 Vendor confirmed issue
21.10.2013 Informed about planned removal of the file
21.11.2013 Vendor published new version with fix
28.11.2013 Disclosed to public