Critical security vulnerability
Daniel Atallah
datallah at pidgin.im
Mon Oct 19 16:33:27 EDT 2009
On Mon, Oct 19, 2009 at 16:13, Carlos Alberto <gato303co at yahoo.co.uk> wrote:
> I would like to inform you that there is a highly critical vulnerability in the Pidgin manager account, in the file accounts.xml, that can be found on C:\Documents and Settings\"user name"\Application data\.purple since all the passwords for all accounts are saved in this file, when you select "remember password", and they are saved without any kind of encryption, so if somebody can have access to the computer, that person will have access to all your accounts not only in Pidgin, but also enter to hotmail, aolmail, gmail, etc, and steal your personal data.
>
> And if the PC is a shared PC, there will be a lot of possibilities that someone strange or known may get this file and use it for negative purposes.
>
> This security problem can also be found in the Linux versions.
>
> So if you please may treat this threat so users can use Pidgin and store their personal passwords safely.
>
> Thanks for your attention,
This isn't a security vulnerability and is covered in our FAQ:
http://developer.pidgin.im/wiki/PlainTextPasswords
-D