Potential vulnerability?

David Woolley forums at david-woolley.me.uk
Tue Feb 21 04:03:17 EST 2012


Chawoosh wrote:
> 
> On Tue, 21 Feb 2012 12:25:31 +0400
> Кирилл Миньков <minkov_k at arendada.com> wrote:

>>
>> Translated with google.com:
>> Hello! Today, accidentally discovered that Pidgin stores all the
>> information about the login and password in the file
>> %APPDATA%\Roaming\.purple\accounts.xml unencrypted. In my opinion it

It only does this if you ask it to save the passwords.  The official 
policy (and there is a web article somewhere that explains this, as it 
is something of an FAQ) is that to do anything else would give a 
false sense of security; reverse engineering open source software to 
find out how it encrypts is rather easy.

>> is a potential security hole and beg in the next patch to fix it and
>> to encrypt the stored personal information.

-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
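
Since the passwords are stored in clear text only when the user asks for them to be saved, a practical check is to list which accounts have one stored and whether the file is accessible to other local users. The script below is an added example, not part of the original thread and not Pidgin code; the element layout of accounts.xml (`account`, `protocol`, `name`, `password`) and the sample data are assumptions constructed for illustration, and the permission check uses POSIX mode bits only.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption about accounts.xml.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/home</name>
    <password>constructed-sample-value</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>bob@irc.example.net</name>
  </account>
</account>
"""

def audit_accounts(path):
    """Return (saved, loose_mode): accounts with a stored password, and
    whether group/other have any access to the file (POSIX mode bits)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    loose_mode = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    saved = []
    for acct in ET.parse(path).getroot().iter("account"):
        pw = acct.find("password")
        # Report only that a password is stored, never its value.
        if pw is not None and (pw.text or "").strip():
            saved.append((acct.findtext("protocol", ""),
                          acct.findtext("name", "")))
    return saved, loose_mode

def write_sample(mode):
    """Write the constructed sample to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    path = write_sample(0o644)
    saved, loose = audit_accounts(path)
    for proto, name in saved:
        print(f"stored password: {proto} {name}")
    print("accessible by group/other:", loose)
    os.remove(path)
```

On Windows the mode bits do not reflect the file's ACL, so only the list of accounts with a stored password is meaningful there.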
