<div> </div>
<div>Hi,</div>
<div> </div>
<div>If I am right, Google Talk Beta Messenger cleartext credentials in process memory still exist in the current version.</div>
<div>Google's answer for this issue:</div>
<div><font style="BACKGROUND-COLOR: #ffff00">plain char -> hex char</font></div>
<p> </p>
<p>6ackpace</p>
<div><span class="gmail_quote">On 11/29/05, <b class="gmail_sendername">Jaroslaw Sajko</b> <<a href="mailto:sloik@parareal.net">sloik@parareal.net</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">pagvac wrote:<br>> Title: Google Talk Beta Messenger cleartext credentials in process memory<br>><br>
><br>> Description<br>><br>> Google Talk stores all user credentials (username and password) in<br>> clear-text in the process memory. Such vulnerability was found on<br>> August 25, 2005 (two days after the release of Google Talk) and has
<br>> already been patched by Google.<br>><br>> This issue would occur regardless of whether the "Save Password"<br>> feature was enabled or not.<br><br>The same issue concerns many applications, i.e. Gadu-Gadu - another
<br>instant messenger. In my opinion such "vulnerabilities" are not worth<br>publishing (for Gadu-Gadu we have not published this kind of software<br>behaviour) because if you can dump another user's process or trick him into
<br>executing any code, then reading the password from the process memory is<br>only one of many things which you can do.<br><br>regards,<br>js<br>_______________________________________________<br>Full-Disclosure - We believe in it.
<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/
</a><br></blockquote></div><br>