kaelri / enigma

A featured "suite" for the Windows system monitoring application, Rainmeter.
https://www.kaelri.com/project/enigma/

HUGE SECURITY ISSUE #76

Closed RainmeterUser closed 10 years ago

RainmeterUser commented 10 years ago

My e-mail account got hacked yesterday, shortly after I wrote my data (mail/pw) into the option-skin of this theme. I recommend that you don't disclose any important data to the Enigma Theme. Apparently it does not use secure methods like SSL or the like.

jsmorley commented 10 years ago

Enigma does use SSL on the URL when it is sent to gmail. The protocol used is https:// not http://

I think you might want to look further at your system to ensure there isn't some virus or malware that is "sniffing" things as they are sent out.

chernobog commented 10 years ago

Enigma (and all Rainmeter skins) save any password you provide in plain text to your computer. However, they never send unencrypted data to the service you are trying to authenticate (service providers don't allow plain text logins anyway so such an authentication attempt would fail). However, it is widely known that Rainmeter saves account passwords in plain text. So, if I were a malware author I would always have my malware check for %userprofile%\Documents\Rainmeter and scrape the *.ini files for usernames and passwords. In short, you have a virus. Enigma/Rainmeter is not malware.
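
A defensive audit of the plain-text storage described in the comment above, as an added example that is not part of the original thread or of Enigma/Rainmeter: it lists which skin files under the Rainmeter folder hold non-empty password-like settings, without ever printing the values, so those credentials can be rotated or removed. The key-name patterns, the .inc suffix and the sample text are assumptions.

```python
import re
import sys
from pathlib import Path

# Assumptions: these key-name patterns (expect false positives) and the .inc suffix.
SECRET_KEY = re.compile(r"passw|secret|token|api_?key|pwd?$", re.I)
SUFFIXES = {".ini", ".inc"}
# Constructed sample with hypothetical key names, not taken from Enigma.
SAMPLE = """[Variables]
; Password=commented-out
GmailUsername=user@example.com
GmailPassword=constructed-not-real
FeedPassword=
"""

def decode(raw: bytes) -> str:
    """Handle UTF-16 LE with BOM, UTF-8 with BOM, and plain ANSI/UTF-8 files."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def find_secrets(text: str) -> list:
    """Return (section, key) for each non-empty secret-looking setting; never the value."""
    section, hits = "", []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith(";"):  # blank line or INI comment
            continue
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1]
            continue
        key, sep, value = s.partition("=")
        if sep and value.strip().strip('"') and SECRET_KEY.search(key.strip()):
            hits.append((section, key.strip()))
    return hits

def audit_tree(root: Path) -> dict:
    """Map each matching file under root to the secret-looking keys it holds."""
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SUFFIXES:
            hits = find_secrets(decode(path.read_bytes()))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Documents" / "Rainmeter"
    for name, hits in audit_tree(root).items():
        print(name, ", ".join(f"[{sec}] {key}" for sec, key in hits))
```

Run it with no argument to scan the folder named in the thread, or pass another skins directory as the first argument.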

RainmeterUser commented 10 years ago

Oh sorry, my fault / Google fail. And yeah, I meant HTTPS, not SSL. Google told me there was an unauthorized access on my e-mail account, showed me the IP and the location. Now I tracked this IP w/ utrace etc. and it's definitely not the location Google told me, but the location of my VPN -.-

Nvm, nice theme, but is there any fix for the #72 incorrect world time? I got the same prob.