Problem: The encryption algorithm used to save passwords to disk is weak and easily broken. Decryption program here.
1b3afabfd5ff939a69eb0863f8806b0965927000c94e385fd52ea151fcac902f
From: Luciano Martins <luck@USSRBACK.COM
To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Sent: Wednesday, October 27, 1999 2:36 PM
Subject: MSN Messenger Service 1.0 Problem: The encryption
algorithm used is
weak and easily broken.
MSN Messenger Service 1.0
Problem: The encryption algorithm used is weak and easily broken.
MSN Messenger Service allows users to save their email password using the
"Save this password so I don't have to enter it every time i log on"
checkbox when try to logon in the Messenger Service. The email and the
password are stored in the registry key
KEY_CURRENT_USER\Identities\{9C53B920-A2E8-11D1-A59D-008048B12
C6E}\Software\ Microsoft\MessengerService\PasswordMSN Messenger Service
{9C53B920-A2E8-11D1-A59D-008048B12C6E} = this change in all machines
This information can be decripted using the
MessengerServiceEmailPasswordDumper 1.0
Published by: Ussr
Solution:
If a user does not check the 'Save this password so I don't have to enter
it every time i log on' checkbox prevents the password from being stored
and decripted.
MessengerServiceEmailPasswordDumper 1.0 binary for i386 or source code go
to wwww.ussrback.com/MSNMS10/