Good day,
I would like to inform that there is a highly critical vulnerability in the
Pidgin manager account, in the file accounts.xml, that can be found on
C:\Documents and Settings\"user name"\Application data\.purple since all the
passwords for all accounts are saved in this file, when you select "rememeber
password", and they are saved without any kind of encryption, so if somebody
can have access to the computer, that person will have access to all your
accounts not only in Pidgin, but also enter to hotmail, aolmail, gmail, etc,
and steal your personal data.
And if the PC is a shared PC, there will be a lot of posibilities, that someone
strange or known may get this file and use it for negative purposes.
This security problem can also be found in the Linux versions.
So if you please may treat this threat so users can use Pidgin and store their
personal passwords safely.
Thanks for your attention,
Arq. Carlos Restrepo
gato303co (at) yahoo.c0.uk
_______________________________________________
[email protected] mailing list
Want to unsubscribe? Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support
