Linked by Eugenia Loli on Wed 23rd May 2007 00:46 UTC
Privacy, Security, Encryption Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of keep crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue, it was discussed many times before, but it can still be a surprise for most users.
Thread beginning with comment 242559
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Non-issue
by mikelward on Wed 23rd May 2007 04:14 UTC in reply to "RE: Non-issue"
mikelward
Member since:
2007-03-22

"It is better to have SOMETHING, than having what we have now, which is one big fat *nothing*".

Not true, you have file system permissions.

The feature is only used when you tick "Remember password", and then it can only be viewed by users with read permissions on your profile directory (usually only you and the system administrator).

Firefox even has a "Show Passwords" button in the options window to show all saved passwords. Is that also a security bug?

Reply Parent Score: 4

RE[3]: Non-issue
by rain on Wed 23rd May 2007 08:29 in reply to "RE[2]: Non-issue"
rain Member since:
2005-07-09

afaik, the "show passwords" button only shows the domain name and username so you can manage the passwords.

Reply Parent Score: 1

RE[4]: Non-issue
by StephenBeDoper on Wed 23rd May 2007 16:54 in reply to "RE[3]: Non-issue"
StephenBeDoper Member since:
2005-07-06

Tools > Options > Security > Show Passwords > Show Passwords > "Are you sure" dialog > yes

Reply Parent Score: 4