Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
NullSoft's WinAmp contains a flaw that may lead to unauthorized password exposure. It is possible to gain access to plaintext passwords when a user elects to provide username:password credentials for authenticated proxy functionality. The username:password combination is stored in WinAmp's winamp.ini in the installation directory, and this configuration file inherits the installation directory's ACLs. In many cases, this includes Users:Read access.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Do not provide WinAmp with proxy credentials.
If authenticated proxy functionality is required, adjust the ACLs on winamp.ini to prohibit other users from reading the contents of the file, and employ EFS to help mitigate the risk of password disclosure.
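
One way to apply the ACL and EFS workaround above in PowerShell, as an added example that is not part of the original advisory: it reports every principal other than the calling user, SYSTEM and Administrators that can read winamp.ini and, with -Fix, replaces the inherited DACL and encrypts the file. The default path, the -Fix switch and the choice to keep SYSTEM and Administrators are assumptions.

```powershell
# Added example (not from the advisory). $IniPath is an assumed install
# location; pass the real path to winamp.ini on your system.
param(
    [string]$IniPath = 'C:\Program Files\Winamp\winamp.ini',
    [switch]$Fix    # without -Fix the script only reports
)
$ErrorActionPreference = 'Stop'

$sidType = [System.Security.Principal.SecurityIdentifier]
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
# Principals allowed to keep access: the calling user, SYSTEM, Administrators.
$keep = @($me.Value, 'S-1-5-18', 'S-1-5-32-544')

# ReadData is the right that exposes the stored username:password.
$read = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$acl = Get-Acl -LiteralPath $IniPath
$exposed = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $read) -ne 0 -and
    $_.IdentityReference.Value -notin $keep
})

foreach ($rule in $exposed) {
    # Show a readable account name when the SID can be resolved.
    $name = $rule.IdentityReference.Value
    try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }
    Write-Output ("EXPOSED: {0} can read {1} (inherited={2})" -f $name, $IniPath, $rule.IsInherited)
}

if ($Fix) {
    # Build a DACL that no longer inherits from the installation directory.
    $new = New-Object System.Security.AccessControl.FileSecurity
    $new.SetAccessRuleProtection($true, $false)
    foreach ($sid in $keep) {
        $id  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
        $new.AddAccessRule($ace)
    }
    Set-Acl -LiteralPath $IniPath -AclObject $new
    # EFS encrypts for the calling account, so run this as the WinAmp user.
    (Get-Item -LiteralPath $IniPath).Encrypt()
}
```

Run it as the account that uses WinAmp, because both the retained user ACE and the EFS key belong to the caller; that account needs permission to change the file's DACL.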