Bugtraq mailing list archives

RE: Ability to read buddy list of AIM users


From: emann () questinc org
Date: Mon, 15 Apr 2002 13:09:40 -0400

I think this depends on the version of AIM and if it is an upgrade install
or clean install.  I've been using AIM on my Win2K Machine at home for 2
years now and it still continues to use \winnt\aim95 directory.

The newer versions may have taken to using the \documents and settings\
locations, but if you are upgrading from older versions that did not, it
still continues to use \winnt\aim95\



-----Original Message-----
From: Andrew J. Stackhouse [mailto:ajs () codewolf com]
Sent: Monday, April 15, 2002 12:25 PM
To: sunny licious; bugtraq () securityfocus com
Subject: Re: Ability to read buddy list of AIM users


Actually on my Win2k install (AIM version 4.7.2480), the file is in:
C:\Documents and Settings\<w2k user name>\Application Data\Aim\<AIM User
Name>

which would not be accessible by anyone but the user or someone with
Administrator's rights



----- Original Message -----
From: "sunny licious" <sunnylicious () hotmail com>
To: <bugtraq () securityfocus com>
Sent: Monday, April 15, 2002 11:30 AM
Subject: Ability to read buddy list of AIM users




I've been able to do this on publicly accessible
computers...such as university labs...You can see
the buddy list of other people who have signed on to
AIM on that computer. On win2k in the folder named
winnt/AIM95/"screenname" there is a file called
userinfo.bag which stores all the names on your
buddy list...all you have to do is traverse to a different
screenname directory and open up the file with any
editor. In win XP the folder is in
winnt/system32/aim95. This pretty much works on
any OS although I haven't tried linux and Mac yet.
Although this may not be a serious threat, it's pretty
much a violation of privacy...and that is a right we all
have correct?? correct..It's pretty easy for anyone
being nosy to start harassing people on your buddy
list. I hope this isn't a repost. Contacting AOL also
pretty much all that needs to be done is check out the
aim95 folder for a file called userinfo.bag

