Lucene search
K

msn.messanger.weak.crypto.txt

🗓️ 28 Oct 1999 00:00:00Reported by Underground Security Systems ResearchType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 40 Views

MSN Messenger 1.0 uses weak encryption, allowing easy password recovery from registry.

Code
` From: Luciano Martins <[email protected]   
To: <[email protected]>  
Sent: Wednesday, October 27, 1999 2:36 PM  
Subject: MSN Messenger Service 1.0 Problem: The encryption   
algorithm used is  
weak and easily broken.  
  
  
MSN Messenger Service 1.0  
  
Problem: The encryption algorithm used is weak and easily broken.   
  
MSN Messenger Service allows users to save their email password using the  
"Save this password so I don't have to enter it every time i log on"   
checkbox when try to logon in the Messenger Service. The email and the  
password are stored in the registry key  
  
KEY_CURRENT_USER\Identities\{9C53B920-A2E8-11D1-A59D-008048B12  
C6E}\Software\ Microsoft\MessengerService\PasswordMSN Messenger Service  
  
{9C53B920-A2E8-11D1-A59D-008048B12C6E} = this change in all machines  
  
  
This information can be decripted using the  
MessengerServiceEmailPasswordDumper 1.0  
  
Published by: Ussr  
  
Solution:  
If a user does not check the 'Save this password so I don't have to enter  
it every time i log on' checkbox prevents the password from being stored  
and decripted.  
  
MessengerServiceEmailPasswordDumper 1.0 binary for i386 or source code go  
to wwww.ussrback.com/MSNMS10/  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation