CVE-1999-1369
published 1999-04-14CVE-1999-1369: Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
PriorityP411medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.88%
54.4th percentile
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
RealNetworks RealServer 6.0.3.353 Password rmserver.cfg cleartext storage
vuldb·2026-04-19·CVSS 4.6
CVE-1999-1369 [MEDIUM] RealNetworks RealServer 6.0.3.353 Password rmserver.cfg cleartext storage
A vulnerability was found in RealNetworks RealServer 6.0.3.353. It has been rated as problematic. Affected by this issue is some unknown functionality of the file rmserver.cfg of the component Password Handler. The manipulation leads to cleartext storage of sensitive information.
This vulnerability is traded as CVE-1999-1369. An attack has to be approached locally. There is no exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-22jg-rc3r-96wc: Real Media RealServer (rmserver) 6
ghsa_unreviewed·2022-04-30
CVE-1999-1369 [MEDIUM] GHSA-22jg-rc3r-96wc: Real Media RealServer (rmserver) 6
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
1999-04-14
Published