password encription

Pavle Zivkovic zivkovic.pavle at gmail.com
Wed Nov 11 15:25:15 EST 2009


Hi everyone,

I'm writing to you for the first time. I just wanted to ''notify" (although
I suppose that everyone knows that already) that pidgin, even though it is *THE
BEST* IM program that I have seen (and i've been using quite a few of them),
has one big... no, not big... HUUUUUUUUUUUGE flaw... Namely (for win users)
go to folder: C:\Users\<USERNAME>\AppData\Roaming\.purple\ and open file
named: *accounts.xml*
Unfortunately you (and everyone else that has access to your computer) will
be able to *SEE ALL OF YOUR USERNAMES AND PASSWORDS KEPT NON-ENCRYPTED IN
.XML FILE.* (sorry for the capital letters, but I wanted to emphasize the
magnitude of the problem)
It is totally unnecessary to explain why it is a problem, I just wanted to
know if there is any plan for the issue to be resolved in the near future,
as I noticed it in even in early 2.xx versions and it haven't been addressed
throughout the versions (today i am using 2.6.3).

Best regards,
Pavle Zivkovic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20091111/a601f005/attachment.html>


More information about the Support mailing list