msn.messanger.weak.crypto.txt

1999-10-28T00:00:00
ID PACKETSTORM:11614
Type packetstorm
Reporter Underground Security Systems Research
Modified 1999-10-28T00:00:00

Description

                                        
                                            ` From: Luciano Martins <luck@USSRBACK.COM   
To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>  
Sent: Wednesday, October 27, 1999 2:36 PM  
Subject: MSN Messenger Service 1.0 Problem: The encryption   
algorithm used is  
weak and easily broken.  
  
  
MSN Messenger Service 1.0  
  
Problem: The encryption algorithm used is weak and easily broken.   
  
MSN Messenger Service allows users to save their email password using the  
"Save this password so I don't have to enter it every time i log on"   
checkbox when try to logon in the Messenger Service. The email and the  
password are stored in the registry key  
  
KEY_CURRENT_USER\Identities\{9C53B920-A2E8-11D1-A59D-008048B12  
C6E}\Software\ Microsoft\MessengerService\PasswordMSN Messenger Service  
  
{9C53B920-A2E8-11D1-A59D-008048B12C6E} = this change in all machines  
  
  
This information can be decripted using the  
MessengerServiceEmailPasswordDumper 1.0  
  
Published by: Ussr  
  
Solution:  
If a user does not check the 'Save this password so I don't have to enter  
it every time i log on' checkbox prevents the password from being stored  
and decripted.  
  
MessengerServiceEmailPasswordDumper 1.0 binary for i386 or source code go  
to wwww.ussrback.com/MSNMS10/  
  
  
  
`