On Mon, Oct 19, 2009 at 16:13, Carlos Alberto <[email protected]> wrote: > I would like to inform that there is a highly critical vulnerability in the > Pidgin manager account, in the file accounts.xml, that can be found on > C:\Documents and Settings\"user name"\Application data\.purple since all the > passwords for all accounts are saved in this file, when you select "rememeber > password", and they are saved without any kind of encryption, so if somebody > can have access to the computer, that person will have access to all your > accounts not only in Pidgin, but also enter to hotmail, aolmail, gmail, etc, > and steal your personal data. > > And if the PC is a shared PC, there will be a lot of posibilities, that > someone strange or known may get this file and use it for negative purposes. > > This security problem can also be found in the Linux versions. > > So if you please may treat this threat so users can use Pidgin and store > their personal passwords safely. > > Thanks for your attention,
This isn't a security vulnerability and is covered in our FAQ: http://developer.pidgin.im/wiki/PlainTextPasswords -D _______________________________________________ [email protected] mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
