Vulnerability Development mailing list archives
Re: ICQ Pass Cracker.
From: Inedag () AOL COM (Inedag () AOL COM)
Date: Thu, 27 Jan 2000 20:16:20 EST
In a message dated 1/27/2000 4:51:15 PM Pacific Standard Time, robertw () WOJO COM writes:
I don't know about the latest versions (99b), but I recall that ICQ stored passwords in PLAINTEXT in the .dat file located in <ICQDIR>\db or <ICQDIR>\db99b, etc. I checked my .dat file, and found an old password in there... plain text. I can't seem to get rid of it, so I will just hex
edit
it out. It amazes me how lazy some programmers can be.
I was unable to locate the plaintext password for ICQ99b, beta 3.19, build 2569. I don't have "Save Password" checked, but it obviously doesn't go to the mirabilis servers to verify the password (I have that request-password-for-everything option turned on). I looked into the .dat, and found old messages and chats that I've long since deleted -- sighhh. It seems also to store my smtp and pop servers (never put them in ICQ -- just Eudora), and an apparent encrypted password, in the form of 22 hex bytes. -ine
Current thread:
- Re: ICQ Pass Cracker. Robert Wojciechowski Jr. (Jan 26)
- <Possible follow-ups>
- Re: ICQ Pass Cracker. Aussie (Jan 27)
- Re: ICQ Pass Cracker. Inedag () AOL COM (Jan 27)
- Re: ICQ Pass Cracker. Kerb (Jan 30)