IM, Email Passwords Are Stored as Plain Text
See bug 8146
|
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Well, this doesn't seem to apply to my device. Isn't this only if you've taken a full backup?
|
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
file:///home/user/.rt-accounts/accounts.cfg
could not find there but here: file:///home/user/.rtcom-accounts/accounts.cfg |
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Oh.. now i see... That's just plain stupid...
|
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Very nice catch, already verified that
file:///home/user/.rtcom-accounts/accounts.cfg in Web let me know all my friends' IM passwords in their N900. |
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
also I've noticed that the autocomplete function caches my passwords too. Yesterday a frend of mine was composing an email with my N900 and the device suggested my passwords to him. Grr
|
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Well, to put things into perspective I believe that not having them there in plaintext would only serve as making it slightly more difficult to do this as the software still has to decrypt and send the passwords when logging in and it would not be a major problem to snatch them if you have physical access to the system said software is running on.
|
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Quote:
|
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Quote:
.edit skype is also in plain text and i have made backup |
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
Quote:
|
All times are GMT. The time now is 05:41. |
vBulletin® Version 3.8.8