COMMAND

    Macromedia Dreamweaver

SYSTEMS AFFECTED

    Win products running Macromedia Dreamweaver

PROBLEM

    Jeff Forristal found following. When one saves their ftp passwords
    in  Macromedia  Dreamweaver,  this  information  is written to the
    registry at:

        /HKEY_CURRENT_USER/Software/Macromedia/Dreamweaver/Sites/-Site(x)/User PW

    The storage scheme used to crypt the password is exactly the  same
    as the Ws_FTP method, which is weak and there are lots of programs
    to break it.   Briefly, all characters  are converted to  hex, and
    the offset within the string is added to the value (starting  with
    0).

SOLUTION

    Macromedia has been contacted, and  their reply was to the  effect
    that, while noted, they do not think it severe enough to release a
    patch; therefore, it will be corrected in the next major release.