securiteam.com — When you choose the option to check your Yahoo email in Trillian (Check Yahoo Mail), Trillian creates a temp file in the usersdefaultcache directory with a random name that contains the Yahoo password in clear text. Further, this file is world readable, and the logout process doesn't erase it.
Aug 2, 2005 View in Crawl 4
logikAug 3, 2005
vote this one lame, it's not even true
flatlineAug 3, 2005
*lame*
Closed AccountAug 3, 2005Submitter
you guys are a bunch of retards. no, i didn't make the story up. it is on the secureiteam site. duh.
eviliuAug 3, 2005
Uh, this doesn't link to his blog..I just confirmed this for myself. Trillian 3.1 Basic build 121Correct username and password in plain text.
davalfAug 3, 2005
Do Not Vote This LameIt is true everyone saying otherwise is just not looking for it correctly.it is exactly where it says in the article: TrillianusersdefaultcacheTrillian MUST BE RUNNING however and you have to go to the "Check Yahoo! Mail..." option under the account and it then creates an html file that you can view in notepad that displays the password in plaintext
purpleacidAug 4, 2005
Yeah, I tried 2 different versions of Trillian (version 3 and older version 2) and neither have the folder nor this file you speak of. That's even after checking my Yahoo mail (which I don't use) and Trillian auto-logging in for me. Whatever.
elusiveAug 7, 2005
Gaim saves your passwords in plaintext in an xml file in your home dir. Also, for most protocols you send the password plaintext over the line.
sneakyoneSep 29, 2005
If you need a password for Hotmail, Yahoo, AOL, GMail, and others, then please visit www.needapassword.com