Critical security vulnerability

Carlos Alberto gato303co at yahoo.co.uk
Mon Oct 19 16:13:58 EDT 2009


Good day,

I would like to inform that there is a highly critical vulnerability in the Pidgin manager account, in the file accounts.xml, that can be found on C:\Documents and Settings\"user name"\Application data\.purple since all the passwords for all accounts are saved in this file, when you select "rememeber password", and they are saved without any kind of encryption, so if somebody can have access to the computer, that person will have access to all your accounts not only in Pidgin, but also enter to hotmail, aolmail, gmail, etc, and steal your personal data.

And if the PC is a shared PC, there will be a lot of posibilities, that someone strange or known may get this file and use it for negative purposes.

This security problem can also be found in the Linux versions.

So if you please may treat this threat so users can use Pidgin and store their personal passwords safely.

Thanks for your attention,

Arq. Carlos Restrepo

gato303co (at) yahoo.c0.uk


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20091019/be3f1615/attachment.htm>


More information about the Support mailing list