|
Bugtraq
mailing list archives
Re: Trillian Ver 3.1 saves password's in plain Text
From: Technica Forensis <forensis.technica () gmail com>
Date: Wed, 3 Aug 2005 08:48:29 -0400
I have Trillian Pro 3.1 Build 121 on Windows XP and can't duplicate this
I can, with that exact same build. My system is never shutdown so
Trillian is always on. There are files in there that are several
weeks old that contain my yahoo! username and password. The files are
all named /sfd\d\d\.html/ and contain the lines:
<html>
<head>
<script>
<!-- var username; username='########'; var password;
password='########'; function submit () {
document.getElementById('login').value=username;
document.getElementById('passwd').value=password;
document.getElementById('login_form').submit(); }; //--> </script>
</head> <body onLoad='submit();'> <form method=post
action="https://login.yahoo.com/config/login";
and so on, and so on...
It's seems to me this file should be deleted as soon as the connection
is made instead of on exit. Definately something that needs to be
fixed.
 By Date 
By Thread
Current thread:
| 
Intro
