[amluto]

I like how the vulnerability is in the path that (a) attempts to write the password in reversibly encrypted form to disk [0] and (b) has a weird fallback path that writes it in clear text. Sigh.

[0] cPabel seems to be from 1996. We’ve known this is a mistake since before 1996.

[christophilus]

Yeah. There are a lot of people saying, “This is why you don’t roll your own…” but if I’d rolled my own, there wouldn’t have been reversible encryption involved, and there certainly wouldn’t have been plain text.