Trillian saves email acct. password in plain text

Suramya Tomar discovered an issue in the Trillian application (by Cerulean Studios): when a user tries to check a web-based email account (e.g. a Yahoo email account), a temp file with a random name is created in <Install Directory>\users\default\cache that contains the password in *clear text*, and this file is world readable. The file is not deleted after the session or on exiting Trillian.
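
One way to check an installation for this leak, as an added example that is not from this post or the Bugtraq report: sign in to a throwaway webmail account with a unique canary password, exit Trillian, then run the script below over the cache directory. The install path, the canary value and the list of broad principals are assumptions, and the content search assumes the file stores the password in an ASCII or UTF-8 compatible encoding.

```powershell
# Added example: audit a Trillian cache directory for leftover files that
# hold a known canary password in clear text and are readable by broad groups.
param(
    # Assumed install location; point this at your <Install Directory>.
    [string]$CacheDir = 'C:\Program Files\Trillian\users\default\cache',
    # Constructed canary: the unique password set on a throwaway test account.
    [string]$Canary = 'CANARY-7f3a-test-only'
)

# Principals treated as "world" for this check (assumption; names are localized).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-BroadRead {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broad -contains $ace.IdentityReference.Value -and
            (([int]$ace.FileSystemRights -band $readBit) -ne 0)) {
            return $true
        }
    }
    return $false
}

$findings = Get-ChildItem -LiteralPath $CacheDir -File -Recurse -ErrorAction Stop |
    Where-Object {
        # -SimpleMatch treats the canary as a literal string, not a regex.
        Select-String -LiteralPath $_.FullName -Pattern $Canary -SimpleMatch -Quiet
    } |
    ForEach-Object {
        [pscustomobject]@{
            File      = $_.FullName
            LastWrite = $_.LastWriteTime
            BroadRead = Test-BroadRead -Path $_.FullName
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Canary found in $(@($findings).Count) leftover file(s) under $CacheDir."
} else {
    Write-Output 'No file under the cache directory contains the canary.'
}
```

A hit with BroadRead set to True matches the behaviour described above: the password persists on disk after exit and other local accounts can read it.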


Read his report in SecurityFocus Bugtraq
