CVE-2004-2419

Vulnerability

Keene Digital Media Server 1.0.2 stores user credentials, including usernames and passwords, in a SQLite database file named dmscore.db on the local filesystem. The database file is readable by any local user, as no access controls are enforced on the file. The vulnerability exists in the default installation of version 1.0.2 [1].

Exploitation

An attacker with local access to the system (e.g., a user with a standard user account or physical access) can navigate to the directory containing dmscore.db (typically in the application's data folder) and read the file using any SQLite viewer or a text editor. No authentication or special privileges beyond local file read access are required.

Impact

Successful exploitation allows the attacker to retrieve all stored usernames and passwords in plain text. This compromises the confidentiality of all user accounts configured in the Digital Media Server. An attacker could then use these credentials to access the server remotely or escalate privileges if shared credentials are used elsewhere [1].

Mitigation

No official patch or updated version has been released to address this issue. Users are advised to restrict local file system access to only trusted users, or use file system permissions to limit read access to dmscore.db to the application's own service account. As of the publication date (2004-12-31), no fix is available from the vendor [1].