CVE-2006-0363
MSN Messenger 7.5 stores passwords in an encrypted form under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds. Local users may recover originals by calling CryptUnprotectData (as demonstrated by the MSN Password Recovery.exe tool). The issue highlights that decryption methods and keys resi...