Re: Google Talk cleartext proxy credentials vulnerability

Date: 10/15/05

  • Next message: Thierry Carrez: "[ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues"
    Date: Sat, 15 Oct 2005 23:40:08 +0400


    Again and again. HKEY_CURENT_USER is accessible for user only. If one
    can access user's account he can recover _any_ stored password, because
    he can do everything user can.

    The only additional reason, storing password in registry is not good, is
    password can be easily recovered by someone with physical access to hard
    drive. It's only attack vector comparing with different password store,
    for example protected storage.

    --Friday, October 14, 2005, 3:06:55 PM, you wrote to

    mrau> and are located under

    mrau> HKEY_CURRENT_USER\Software\Google\Google
    mrau> Talk\Accounts\[username]\pw

    Итак, я буду краток. (Твен)

  • Next message: Thierry Carrez: "[ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues"

    Relevant Pages

    • Re: Restoring Deleted Admin A/Cs
      ... Once an account is deleted, ... using a third-party program in an attempt to recover files. ... Search and Recover is a powerful arsenal of tools designed to instantly ... Can anyone let me know if its possible to restore the deleted account? ...
    • Re: EFS with no Administrator Certificate
      ... For lots of info about EFS, ... > user password via the administrator account). ... >>> when I tried to log into the administrator account I ... >>> recover the encrypted file; ...
    • Re: Recovering su password
      ... You can't recover passwords. ... that copy of the account password is stored using a simple XOR ... user's keychain may have the password to the other accounts. ... to access it in single user mode), but there is no request for a ...
    • Re: would you believe it
      ... Most likely you created a new user account - rather oddly, ... My Received Files (incoming files and malware from IM) ... If you're on NTFS and make your files private, ... If you're trying to recover data, your first obstacle is NTFS - ...
    • Re: Unable to Decrypt Encrypted files
      ... Since the original account information in unavailable, there is no way to recover any of your encryption certificates. ... keys his data is gone. ...