Security

Submission: AIM6 gives passwords to crackers on silver platter

imunfair writes: "I've been playing around with AIM6/Triton, and managed to replicate their login sequence — it's extremely insecure and I would suggest avoiding it at all costs. Also of note, the AIM6 passwords are stored encoded in the registry under:

HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

Yes, that's right, I said the password is encoded/encrypted; there is no hashing involved, so it is possible to extract plaintext passwords from the registry! I'm still working on figuring out how it is encoded/encrypted, but I should say it is definitely a block encryption, working on 8-byte blocks. Possibly DES. The whole thing is prefaced with 8 bytes which are not part of the password, and the whole shebang is then base64 encoded and placed in your registry for anyone to grab and decrypt."
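
An audit check for the layout the submission describes, added here as an example and not code from the submitter or AOL: it tests whether a stored string is base64 that decodes to an 8-byte prefix followed by whole 8-byte blocks, so such entries can be flagged for removal and password rotation. It performs no decryption; the function names and sample values are constructed, and real values would come from the registry key named above.

```python
import base64
import binascii

BLOCK = 8       # cipher block size reported in the submission
PREFIX_LEN = 8  # leading bytes the submission says are not part of the password


def describe_blob(value: str) -> dict:
    """Report whether a stored string matches the layout described in the post."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return {"matches": False, "reason": "not valid base64"}
    if len(raw) <= PREFIX_LEN:
        return {"matches": False, "reason": "nothing after the 8-byte prefix"}
    if len(raw) % BLOCK:
        return {"matches": False, "reason": "length is not a multiple of 8"}
    blocks = (len(raw) - PREFIX_LEN) // BLOCK
    return {
        "matches": True,
        "prefix_hex": raw[:PREFIX_LEN].hex(),
        "blocks": blocks,
        # Upper bound only: the padding scheme is unknown.
        "max_plaintext_len": blocks * BLOCK,
    }


def audit(values: dict) -> list:
    """Return the names of stored values that look like reversible ciphertext."""
    return sorted(n for n, v in values.items() if describe_blob(v)["matches"])


# Constructed sample data (not real registry contents).
SAMPLES = {
    "user_a": base64.b64encode(bytes(range(8)) + b"\xaa" * 16).decode(),
    "user_b": base64.b64encode(b"\x11" * 20).decode(),  # 20 bytes, e.g. a SHA-1 digest
    "user_c": "hunter2!",  # not base64 at all
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, describe_blob(value))
    print("flag for removal/rotation:", audit(SAMPLES))
```

The block count alone bounds the password length, which a salted hash of fixed size would not reveal.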
