Pidgin store passwords in clear text!!!!

by
Share this Article: Facebook0Google+0Twitter0LinkedIn0Reddit0StumbleUpon0

For pidgin users , there is a security issue regarding storing passwords in pidgin, so this program stores the passwords in archives .xml in clear text without any encryption. So any one can easily boot into recovery mode while you are away and find all your passwords in plain text. Then he can just copy the password files and opps he will got all the passwords easy way.




Read more at wiki page devellopment at http://developer.pidgin.im/wiki/PlainTextPasswords

See how pidgin store your passwords :

1- List all the content of .purple/

ls .purple/
Output
accels blist.xml icons prefs.xml status.xml

accounts.xml certificates logs smileys

2- Now open the file accounts.xml

cd .purple/

and type

gedit accounts.xml

See this how it looks like , the password in clear text

How to secure your pidgin accounts and passwords ?

Now actually if you want to secure your pidgin accounts and passwords, you need to use patch called Master password patch for Pidgin

Follow the installation steps in this post at ubuntu forums

But my advise is : Don`t autosave password in Pidgin for the moment, this mean that you have to type your password everytime you want to login to one of your accounts in pidgin, i see this as the safest way for the moment, because if you have to type the a password everytime you try to login  , the password will not be stored in accounts.xml.

You can also see our article :  Encrypt data in Linux/Unix


Links :

For questions please refer to our Q/A forum at : http://ask.unixmen.com/


Share this Article: Facebook0Google+0Twitter0LinkedIn0Reddit0StumbleUpon0