[Pidgin] #14674: Pidgin passwords unprotected? WHAT?!

Pidgin trac at pidgin.im
Sat Oct 15 20:42:55 EDT 2011

#14674: Pidgin passwords unprotected? WHAT?!
 Reporter:  dksvertix                       |     Owner:  rekkanoryo
     Type:  defect                          |    Status:  new       
Component:  unclassified                    |   Version:  2.10.0    
 Keywords:  passwords unsecure unprotected  |  
 What kind of moron stores passwords in unprotected, unencrypted, easily to
 read text files? '''An encryption of accounts.xml is crucial!'''''''' If
 an attacker doesn't know, how to unencrypt the file, then that may save
 somebody's life! So amateurs can't access your private data and only
 specialists can - this will decrease the attackers amount.
 As I understand from reading previous tickets about insecure password
 storage, you don't give a sh#$ about privacy at all.
 So, since you can't and/or won't encrypt accounts.xml, then, how about
 instead writing a huge red warning box under "remember password" box,
 telling the user: '''"It's crucial, that you do not select this box, since
 everybody can read your passwords from accounts.xml file!"'''
 Like is it really that hard to make something as secure as LastPass or
 TrueCrypt? Even Google Talk's current password encryption is sufficient.

Ticket URL: <http://developer.pidgin.im/ticket/14674>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list