 
From: Brenna Primrose (drxlecter_at_phreaker.net)
Date: Mon Sep 09 2002 - 13:26:42 CDT


    This bug has been known for at least a few months. Nothing new here...

    http://lists.insecure.org/vuln-dev/2002/Jun/0060.html

    http://profiles.yahoo.com/absolut_contagion
    http://gsa.creighton.edu
    AIM - absolutxpsycho
    Yahoo! - absolut_contagion
    ICQ - 1363187
    MSN - r00t@creighton.edu
    -----BEGIN GEEK CODE BLOCK-----
    Version: 3.12
    GSS d-- s: a-- C++ UL++++ P+ L+ E W++ N+ o-- K- w+
    O-- M V-- PS++ PE Y+ PGP- t-- 5-- X++ R- tv+ b+++ DI D+
    G e* h- r++ x+
    ------END GEEK CODE BLOCK------
    -----Original Message-----
    From: Evan Nemerson [mailto:enemerson@coeus-group.com]
    Sent: Monday, September 09, 2002 4:20 AM
    To: bugtraq@securityfocus.com; vulnwatch@vulnwatch.org;
    submissions@packetstormsecurity.org; news@securiteam.com
    Subject: Trillian weakly encrypts saved passwords

    Software:
    Trillian 0.73, possibly other versions.

    Issue:
    Weak "encryption" of saved passwords.

    Impact:
    Decryption of saved passwords.

    Vendor notified:
    3 Sept., 2002. No response.

    Severity:
    Medium-ish. The program only works locally, and only if the subject has
    saved their password, and really, if someone can get into your AIM
    account, how earth-shattering is that??? However, since a lot of people
    use the same password for everything...

    ---------------------

    Trillian is, according to trillian.cc, "...everything you need for instant
    messaging. Connect to ICQ(R), AOL Instant Messenger(SM), MSN Messenger,
    Yahoo! Messenger and IRC in a single, sleek and slim interface."

    Upon examination of the Trillian directory (which defaults to
    C:\Program Files\Trillian\ ), it appears that passwords are stored in INI
    files that are located in {Path to Trillian}\users\{WindowsLogon}. The
    passwords are encrypted using a simple XOR with a key apparently uniform
    throughout every installation.

    The attached program takes, as command line argument(s), path(s) to these
    INI files. It will then display a list of usernames, "encrypted" passwords,
    and plaintext passwords.

    Evan Nemerson
    enemerson@coeus-group.com
    http://www.coeus-group.com
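The weakness the advisory describes, a fixed XOR key shared by every installation, as an added example that is not the program attached to the original post: the INI layout, the account names and passwords, and the 16-byte DEMO_KEY are all constructed here, and the real Trillian key and file format are not reproduced. It shows that the key never has to be pulled out of the binary at all. One saved password the attacker already knows (their own account on a shared machine, say) gives back the key bytes by XOR, and those bytes decrypt every other password stored in the same file. It also shows the limit of that route: the known password only yields as many key bytes as it is long, so a longer target decrypts only partially unless the full key or its period is known.

```python
"""Fixed-key XOR is not encryption: one known password recovers the key.

Added example, not the program attached to the advisory. The INI layout,
account names, passwords and the 16-byte DEMO_KEY are all constructed for
illustration; the real Trillian key and file format are not reproduced.
"""
import configparser

# Constructed stand-in for the key the advisory describes as uniform across
# installations. The attack below does not depend on its value.
DEMO_KEY = bytes.fromhex("f3 26 81 c4 39 86 db 92 71 a3 b9 e6 53 7a 95 7c")


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same operation 'encrypts' and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def save_password(password: str, key: bytes = DEMO_KEY) -> str:
    """How the obscuring side stores a password: XOR it, write it as hex."""
    return xor_with_key(password.encode(), key).hex()


# Constructed INI text in the shape the advisory describes (one account per
# section). The fourth password is longer than the one the attacker knows.
SAMPLE_INI = f"""
[account1]
name=alice_aim
password={save_password('correct horse')}

[account2]
name=alice_icq
password={save_password('Tr0ub4dor&3')}

[account3]
name=alice_msn
password={save_password('hunter2')}

[account4]
name=alice_yahoo
password={save_password('a much longer passphrase')}
"""


def parse_accounts(ini_text: str) -> list[tuple[str, bytes]]:
    """Return (account name, raw XORed password bytes) for every section."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    return [(cp[s]["name"], bytes.fromhex(cp[s]["password"])) for s in cp.sections()]


def recover_key_bytes(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext attack on XOR: k[i] = c[i] ^ p[i].

    Yields exactly as many key bytes as the known password is long."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def decrypt_with_partial_key(ciphertext: bytes, key_prefix: bytes) -> str:
    """Decrypt as far as the recovered key reaches; '?' marks positions the
    known plaintext did not cover (the limit of this route without the full
    key or its period)."""
    return "".join(
        chr(c ^ key_prefix[i]) if i < len(key_prefix) else "?"
        for i, c in enumerate(ciphertext)
    )


def crack_all(ini_text: str, known_name: str, known_password: str) -> dict[str, str]:
    """Use one account whose password the attacker knows to decrypt the rest."""
    accounts = parse_accounts(ini_text)
    key_prefix = recover_key_bytes(known_password.encode(), dict(accounts)[known_name])
    return {name: decrypt_with_partial_key(ct, key_prefix) for name, ct in accounts}


if __name__ == "__main__":
    for name, plain in crack_all(SAMPLE_INI, "alice_aim", "correct horse").items():
        print(f"{name:12} {plain}")
```

Run it and the three passwords no longer than the known one come out in full, while the 24-character one decrypts only for its first 13 positions. The advisory's attached program, which embeds the key itself, needs no known plaintext; the point of this route is that a reader who never touches the binary can still reach the same result, which is what makes a single fixed key across installations equivalent to storing the passwords in the clear.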