hozarares Posted November 24, 2009

I was just looking for some configuration files in Pidgin's working directory "~/.purple/" and found this:

    ...
    -rw------- 1 victor users 22939 Nov 23 19:34 accounts.xml
    ...

Well, I wouldn't have paid too much attention to that file if it had not contained this:

    $ head accounts.xml
    <?xml version='1.0' encoding='UTF-8' ?>

    <ACCOUNT version="1.0">
     <ACCOUNT>
      <PROTOCOL>prpl-msn</PROTOCOL>
      <NAME>******@hotmail.de</NAME>
      <PASSWORD>**</PASSWORD>
      <ALIAS>v****</ALIAS>
      <STATUSES>

    ...

Plaintext passwords? I couldn't believe it. So I searched Pidgin's wiki for some entries justifying this (in)secure measure. And indeed I found one: PlainTextPasswords - Pidgin - Trac

I took this little article from a site... but I can't find it anymore.....
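
An added example, not part of the original post or the quoted article: a small audit of the accounts.xml file described above that checks for the owner-only mode shown in the listing and reports which accounts carry a non-empty password element, without ever printing the secret. The sample XML and its values are constructed, and comparing tag names case-insensitively is an assumption made because the excerpt shows them in upper case.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

def audit_accounts(path):
    """Return (mode_ok, findings); findings lists accounts with a stored password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    mode_ok = (mode & 0o077) == 0  # no group/other bits, as in the -rw------- listing
    findings = []
    for acct in ET.parse(path).getroot():
        # Assumption: tag case may vary between copies, so compare lower-cased.
        fields = {child.tag.lower(): (child.text or "") for child in acct}
        if fields.get("password", "").strip():
            # Record which account is affected, never the secret itself.
            findings.append((fields.get("protocol", "?"), fields.get("name", "?")))
    return mode_ok, findings

# Constructed sample in the layout of the excerpt; all values are made up.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<ACCOUNT version="1.0">
 <ACCOUNT>
  <PROTOCOL>prpl-msn</PROTOCOL>
  <NAME>user@example.invalid</NAME>
  <PASSWORD>not-a-real-password</PASSWORD>
 </ACCOUNT>
 <ACCOUNT>
  <PROTOCOL>prpl-jabber</PROTOCOL>
  <NAME>user@example.invalid/home</NAME>
 </ACCOUNT>
</ACCOUNT>
"""

def demo():
    """Audit the sample twice: once world-readable, once with mode 0600."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "accounts.xml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)  # deliberately too open
        loose = audit_accounts(path)
        os.chmod(path, 0o600)  # the mode from the listing
        tight = audit_accounts(path)
    return loose, tight

if __name__ == "__main__":
    print(demo())
```

A correct 0600 mode only keeps other local users out; the second result still reports the account because the password remains readable to anything running as the file's owner.
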

wvw Posted November 24, 2009

Here? http://dornea.nu/articles/2009/11/23/pidgin-stores-account-data-plaintext

hozarares Posted November 24, 2009

That's it!!! Thanks a lot.......

Nytro Posted November 25, 2009

I think this has been known for a long time. I noticed it around the time I started using Linux, and I wanted to make a stealer...