CVE-2002-2412 — Winamp vulnerability

CWE-2552 documents2 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 62.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 31

Latest updateApr 30

Description

Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDnullsoft/winamp2.80

🔴Vulnerability Details

GHSA

GHSA-qgq9-f53g-r2wq: Winamp 2↗2022-04-30

▶