The Site Configuration feature allows the user to configure the settings for acessing, down/upload files to the server from their local machine. The encryption method designed to obfuscate passwords can be easily defeated.
As a result, anyone who can get access to the registry, can gain access to the user FTP Site (where most of the time a website will be stored)
Exploit:
#!/usr/bin/perl -w
#
# Macromedia Site FTP Pass Hash Cracker
# \HKEY_CURRENT_USER\Software\Macromedia\Dreamweaver\Sites\-Site[]\User PW
#
# Tested on Dreamweaver 4, may work on other versions
# The way the pass is stored is too weak as you can see
#
# Dreamweaver is the most used html/web editor arround, try it:
# http://www.macromedia.com
#
# inode@irc.brasnet.org #unsekure || alexandre@nettion.com.br
