Shoutbox

Title: Messenger Plus Password Change Security Bypass Vulnerability
Risk: Medium
Date: 07.04.2005
Publisher: m0fo (editor at sec.org.il)


For More Details: http://sec.org.il/articles.php?a=187

I really don't think this is a security risk as the lock for MSN messenger is not something to stop hackers or anything, but to stop users of the same computer from opening your MSN. Also, settings can be saved which save passwords i think, so these can be restored.

yeah I saw that, it's just a bunch of crap which doesn't mean anything... if you're afraid that people are going to steal your MSN password because of Plus!, don't worry, it's not going to happen.. the poster of this article is merely talking about how to deactivate station lock when it's active... talk about a medium risk, he must be working for the Microsoft Anti-Spyware team.

i saw that he put 'Messenger Plus' as the header, and didnt feel it nessairy to carry on..

edit:
i said MSN Plus not messenger plus
jeez...
wdz you must be kidding me....

code:

---

if (RegOpenKey(HKEY_CURRENT_USER, keyPath, &hKey) == ERROR_SUCCESS) {
        RegDeleteValue(hKey, "DataP");
        RegDeleteValue(hKey, "UDataP");
    }
    RegCloseKey(hKey);

---

If the password was protecting something important, would it be that easy?

lol.. well, anyone smart enough to delete those registry keys is smart enough to find another way so...