[ http://www.rootshell.com/ ]

Date:         Thu, 11 Jun 1998 13:04:34 -0500
From:         Jeff Forristal <jeff@NEOHAPSIS.COM>
Subject:      Unsecure passwords in Macromedia Dreamweaver

When one saves their ftp passwords in Macromedia Dreamweaver, this
information is written to the registry at
/HKEY_CURRENT_USER/Software/Macromedia/Dreamweaver/Sites/-Site(x)/User PW
The storage scheme used to crypt the password is exactly the same as the
Ws_FTP method, which was reported previously.  Briefly, all characters are
converted to hex, and the offset within the string is added to the value
(starting with 0).

Macromedia has been contacted, and their reply was to the effect that,
while noted, they do not think it severe enough to release a patch;
therefore, it will be corrected in the next major release.

-Jeff Forristal