Password Storage Vulnerability in MSN Messenger 7.5 by Microsoft
CVE-2006-0363

Currently unrated

Key Information:

Vendor: Microsoft
Status: Msn Messenger
Vendor: CVE Published:; 22 January 2006

Summary

The 'Remember my Password' feature in MSN Messenger 7.5 retains user passwords in an encrypted format within a specific Windows registry key. This method of storing credentials can potentially allow local users to retrieve the original passwords by utilizing decryption methods available on the system, such as those implemented in the 'MSN Password Recovery.exe' utility. Given the inherent access to decryption keys and methods on local machines, the overall security of this password storage mechanism can be significantly compromised, posing a risk to user privacy.

References

http://www.securityfocus.com/archive/1/421921/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/422283/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.msn-password-recovery.com/

x_refsource_MISC

Timeline

Vulnerability published
Jan 22, 2006
Vulnerability Reserved
Jan 22, 2006