Bugtraq mailing list archives
Re: Trillian Ver 3.1 saves password's in plain Text
From: Technica Forensis <forensis.technica () gmail com>
Date: Wed, 3 Aug 2005 08:48:29 -0400
I have Trillian Pro 3.1 Build 121 on Windows XP and can't duplicate this
I can, with that exact same build. My system is never shutdown so
Trillian is always on. There are files in there that are several
weeks old that contain my yahoo! username and password. The files are
all named /sfd\d\d\.html/ and contain the lines:
<html>
<head>
<script>
<!-- var username; username='########'; var password;
password='########'; function submit () {
document.getElementById('login').value=username;
document.getElementById('passwd').value=password;
document.getElementById('login_form').submit(); }; //--> </script>
</head> <body onLoad='submit();'> <form method=post
action="https://login.yahoo.com/config/login";
and so on, and so on...
It's seems to me this file should be deleted as soon as the connection
is made instead of on exit. Definately something that needs to be
fixed.
Current thread:
- Re: Trillian Ver 3.1 saves password's in plain Text security curmudgeon (Aug 02)
- RE: Trillian Ver 3.1 saves password's in plain Text Darren Pilgrim (Aug 04)
- Re: Trillian Ver 3.1 saves password's in plain Text Technica Forensis (Aug 04)
- Re: Trillian Ver 3.1 saves password's in plain Text Technica Forensis (Aug 04)
- <Possible follow-ups>
- Re: Trillian Ver 3.1 saves password's in plain Text Suramya Tomar (Aug 04)
- RE: Trillian Ver 3.1 saves password's in plain Text Keith Phillips (Aug 04)
- Re: Trillian Ver 3.1 saves password's in plain Text patrick (Aug 05)
- Re: Trillian Ver 3.1 saves password's in plain Text Suramya Tomar (Aug 09)
- Re: Trillian Ver 3.1 saves password's in plain Text patrick (Aug 05)