Info

Disclosure

Aug 05, 2005

Discovery

Unknown

Dates

Exploit

Aug 05, 2005

Solution

Unknown

Description

Gaim contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords within the file accounts.xml, which may lead to a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds: - Require password to open accounts.xml - Set the accounts.xml readable to owner only - Don't store passwords (Gaim default configuration)

Products

Gaim	gaim	1.4.0
		1.3.1
		1.3.0
		1.2.1

References

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0086.html
Vendor Specific Advisory URL: http://gaim.sourceforge.net/plaintextpasswords.php

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Gaim

gaim

References

Credit