漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
漏洞信息
N/A
漏洞
N/A
漏洞
MSN Messenger CryptUnprotectData程序原始密码获取漏洞
漏洞信息
MSN Messenger 7.5中的"记住我的密码"功能,将密码以加密格式存储在HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds注册表键中,这可能让本地用户通过调用CryptUnprotectData的程序获取原始密码,如"MSN Password Recovery.exe"程序所示。注意:可能有争议称,仅本地密码恢复是固有的不安全问题,因为解密方法和密钥必须存储在本地系统上的某个位置中,所以原本就是通过不同程度的努力即可访问这些数据的。可能此
漏洞信息
N/A
漏洞
N/A