How to hack pidgin, beware pidgin password storing vulnerability

5:10 PM

"Are you pidgin user ?", we have a tips for you ...
There is a security issue regarding passwords storing in pidgin, you should have to think back when using automatic login through "remember password" on this application. Why? Because pidgin will store your account password in plain text it's mean that pidgin save your password in clear text without any encryption. If you are using ubuntu or other distro the account settings stored in /home/<user>/.purple/accounts.xml. and for windows user the file will strored in C:\Documents and Settings\user\Application Data\.purple\accounts.xml.
Pidgin save password screenshoot
If you enable remember password, you will find tags  <password> in that file (accounts.xml) then followed by your account password. And yes, "naked" just like that..
Pidgin password stored in accounts.xml
There's still vulnerabilities regarding passwords storing in pidgin, our suggestion is don't activate automatic login using "remember password" while using pidgin, cause you have been stripped..

0 comments:

Post a Comment