Skype IM Client Password disclosure vulnerability

Credit: Aditya K Sood, Founder, SecNiche Security
Released date: 11 September 2008

At the time this blog post was written, the latest version of Skype (3.8) is vulnerable to an IM client password disclosure vulnerability. It can be exploited easily with the tool pmdump.

Upon successful connection, the credentials (username and password) of the Skype user are stored in local kernel memory. By dumping the kernel memory into a file, the username and password can be disclosed easily.

The proof of concept is provided by secniche.org and consists of two command-prompt commands:

\>pmdump -list

A list of current processes will be displayed; select the process number:

\>pmdump [process number] [memory dump file location, eg. c:\skypekernelmem.txt]

Open the memory dump file with Notepad and you will spot the username and password.

Difficulties with this attack:

  1. Physical access to the local system.
  2. Obviousness of the password (the password is mixed in with a lot of machine code). As in the picture shown below, how can you be sure that the password is “0skype0”, and not “1220030402” or “coul”?
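
When you are checking your own client with a throwaway account, the second difficulty goes away because the test password is already known: search the dump for it in the two encodings a Windows process normally holds strings in. The script below is an added example, not part of the original post or the secniche.org proof of concept; the function names, the sample dump and the username `tester` are constructed for illustration.

```python
import io

ENCODINGS = ("utf-8", "utf-16-le")  # narrow byte string and Windows wide string


def scan_stream(stream, secret, chunk=1 << 20):
    """Return sorted (offset, encoding) pairs where `secret` occurs in a binary stream."""
    if not secret:
        raise ValueError("secret must not be empty")
    needles = {enc: secret.encode(enc) for enc in ENCODINGS}
    keep = max(len(n) for n in needles.values()) - 1  # bytes carried across reads
    hits, tail, base = set(), b"", 0  # base = stream offset of tail[0]
    while True:
        block = stream.read(chunk)
        if not block:
            break
        buf = tail + block  # a copy split across two reads is still found
        for enc, needle in needles.items():
            pos = buf.find(needle)
            while pos != -1:
                hits.add((base + pos, enc))  # set: the overlap can show a hit twice
                pos = buf.find(needle, pos + 1)
        tail = buf[-keep:]
        base += len(buf) - len(tail)
    return sorted(hits)


def scan_file(path, secret):
    """Scan a dump file on disk, such as the file written by pmdump."""
    with open(path, "rb") as fh:
        return scan_stream(fh, secret)


def constructed_dump():
    """Constructed sample: filler bytes around one narrow and one wide copy."""
    noise = bytes(range(256)) * 4
    return (noise + b"user=tester\x00" + b"0skype0" + noise
            + "0skype0".encode("utf-16-le") + noise)


if __name__ == "__main__":
    for offset, enc in scan_stream(io.BytesIO(constructed_dump()), "0skype0"):
        print(f"test password found at offset {offset:#x} as {enc}")
```

An empty result after logging the test account out means no plaintext copy in either encoding remained in the dumped region; any hit gives the offset to inspect in a hex viewer.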

