Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MSN Messenger CryptUnprotectData程序原始密码获取漏洞
Vulnerability Description
MSN Messenger 7.5中的"记住我的密码"功能,将密码以加密格式存储在HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds注册表键中,这可能让本地用户通过调用CryptUnprotectData的程序获取原始密码,如"MSN Password Recovery.exe"程序所示。注意:可能有争议称,仅本地密码恢复是固有的不安全问题,因为解密方法和密钥必须存储在本地系统上的某个位置中,所以原本就是通过不同程度的努力即可访问这些数据的。可能此
CVSS Information
N/A
Vulnerability Type
N/A