What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! Bug Reports » Messenger Plus! 3.x Password Change Security Bypass Vulnerability

Messenger Plus! 3.x Password Change Security Bypass Vulnerability
Author: Message:
m0fo
New Member
*


Posts: 1
Joined: Apr 2005
O.P. Undecided  Messenger Plus! 3.x Password Change Security Bypass Vulnerability
Title: Messenger Plus Password Change Security Bypass Vulnerability
Risk: Medium
Date: 07.04.2005
Publisher: m0fo (editor at sec.org.il)


For More Details: http://sec.org.il/articles.php?a=187

04-12-2005 05:59 PM
Profile E-Mail PM Find Quote Report
Zephyr
Senior Member
****

Avatar
monster.rat

Posts: 950
Reputation: 26
35 / Male / Flag
Joined: Jan 2005
RE: Messenger Plus! 3.x Password Change Security Bypass Vulnerability
I really don't think this is a security risk as the lock for MSN messenger is not something to stop hackers or anything, but to stop users of the same computer from opening your MSN. Also, settings can be saved which save passwords i think, so these can be restored.
[Image: rhcpsig38tj.png]
04-12-2005 06:05 PM
Profile E-Mail PM Find Quote Report
Patchou
Messenger Plus! Creator
*****

Avatar

Posts: 8607
Reputation: 201
43 / Male / Flag
Joined: Apr 2002
RE: Messenger Plus! 3.x Password Change Security Bypass Vulnerability
yeah I saw that, it's just a bunch of crap which doesn't mean anything... if you're afraid that people are going to steal your MSN password because of Plus!, don't worry, it's not going to happen.. the poster of this article is merely talking about how to deactivate station lock when it's active... talk about a medium risk, he must be working for the Microsoft Anti-Spyware team.
[Image: signature2.gif]
04-12-2005 06:07 PM
Profile PM Web Find Quote Report
Stigmata
Veteran Member
*****



Posts: 3520
Reputation: 45
21 / Other / Flag
Joined: Jul 2003
RE: Messenger Plus! 3.x Password Change Security Bypass Vulnerability
i saw that he put 'Messenger Plus' as the header, and didnt feel it nessairy to carry on..

edit:
i said MSN Plus not messenger plus
jeez...
wdz you must be kidding me....

This post was edited on 04-12-2005 at 06:17 PM by Stigmata.
04-12-2005 06:15 PM
Profile PM Web Find Quote Report
RaceProUK
Elite Member
*****

Avatar

Posts: 6073
Reputation: 57
39 / Male / Flag
Joined: Oct 2003
RE: Messenger Plus! 3.x Password Change Security Bypass Vulnerability
code:
if (RegOpenKey(HKEY_CURRENT_USER, keyPath, &hKey) == ERROR_SUCCESS) {
        RegDeleteValue(hKey, "DataP");
        RegDeleteValue(hKey, "UDataP");
    }
    RegCloseKey(hKey);
If the password was protecting something important, would it be that easy?
[Image: spartaafk.png]
04-12-2005 06:27 PM
Profile PM Web Find Quote Report
Patchou
Messenger Plus! Creator
*****

Avatar

Posts: 8607
Reputation: 201
43 / Male / Flag
Joined: Apr 2002
RE: Messenger Plus! 3.x Password Change Security Bypass Vulnerability
lol.. well, anyone smart enough to delete those registry keys is smart enough to find another way so... :p
[Image: signature2.gif]
04-13-2005 05:45 AM
Profile PM Web Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On