![]() ![]() * It will then display a list of usernames, "encrypted" passwords, and plaintext * This program takes, as command line argument(s), path(s) to these INI files. * passwords are encrypted using a simple XOR with a key apparently uniform * C:\Program Files\Trillian\ ), it appears that passwords are stored in * Upon examination of the Trillian directory (which defaults to * Messenger and IRC in a single, sleek and slim interface." Connect to ICQ�, AOL Instant Messenger(SM), MSN Messenger, Yahoo! * Trillian is, according to, ".everything you need for instant * getting the password from Trillian, or Wells Fargo? * shattering is that? However, since a lot of people * if someone can get into your AIM account, how earth. * if the subject has saved their password, and really * Issue: Weak "encryption" of saved passwords. * Software: Trillian 0.73, possibly others. Local attackers may potentially exploit this weakness to gain access to another user's instant messaging credentials. ![]() The credentials are encrypted by using XOR with a static key that is used with every installation of the software. The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services.
0 Comments
Leave a Reply. |