The Exploit Database is maintained by Offensive Security, an information security training company Printf( "Just put the path to Trillian INI file as command-line\n" Int strIs(const char *subj, const char *eq) įor ( x = 0 x 96 ) & ( string strlen(haystack) ) Int strBeginsWith(const char *needle, const char *haystack) * It will then display a list of usernames, "encrypted" passwords, and plaintext * This program takes, as command line argument(s), path(s) to these INI files. * passwords are encrypted using a simple XOR with a key apparently uniform * C:\Program Files\Trillian\ ), it appears that passwords are stored in * Upon examination of the Trillian directory (which defaults to * Messenger and IRC in a single, sleek and slim interface." Connect to ICQ�, AOL Instant Messenger(SM), MSN Messenger, Yahoo! * Trillian is, according to, ".everything you need for instant * getting the password from Trillian, or Wells Fargo?
* shattering is that? However, since a lot of people * if someone can get into your AIM account, how earth. * if the subject has saved their password, and really * Issue: Weak "encryption" of saved passwords. * Software: Trillian 0.73, possibly others. Local attackers may potentially exploit this weakness to gain access to another user's instant messaging credentials. The credentials are encrypted by using XOR with a static key that is used with every installation of the software. The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services.
0 kommentar(er)
