From: Luciano Martins <luck@USSRBACK.COM 
 To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
 Sent: Wednesday, October 27, 1999 2:36 PM
 Subject: MSN Messenger Service 1.0 Problem: The encryption 
 algorithm used is
 weak and easily broken.
 
 
   MSN Messenger Service 1.0
  
Problem:  The encryption algorithm used is weak and easily broken. 

MSN Messenger Service allows users to save their email password using the
"Save this password so I don't have to enter it every time i log on" 
checkbox when try to logon in the Messenger Service.  The email and the
password are stored in the registry key

KEY_CURRENT_USER\Identities\{9C53B920-A2E8-11D1-A59D-008048B12
C6E}\Software\ Microsoft\MessengerService\PasswordMSN Messenger Service

 {9C53B920-A2E8-11D1-A59D-008048B12C6E} = this change in all machines


 This information can be decripted using the
 MessengerServiceEmailPasswordDumper 1.0

Published by: Ussr

Solution:
 If a user does not check the 'Save this password so I don't have to enter
it every time i log on' checkbox prevents the password from being stored
and decripted.

 MessengerServiceEmailPasswordDumper 1.0 binary for i386 or source code go
to wwww.ussrback.com/MSNMS10/