"Proper" security usually means balancing productivity vs. Features pay for software not security which tends to makes security an afterthought. The issue is rarely the tool but how you are using the tool. Teamviewer is multiplatform so I would guess that a design decision was made to handle credential information this way to be platform independent and a decision was made to store the key in the registry with little to no protection.
Reversible encryption means you have keys to protect or making sure that the user context being used is protected as best as you can. In Windows you do have secure password storage, but believe it can be machine independent but defaults in tying the store to user/machine an not portable. If you are storing credentials to access another resource, then that becomes a hell of a lot more complicated because there is a lot more to protect and lock down.
If you are just checking credentials and don't need to know the password itself, then a hash algorithm should have been used as those are supposed to be one way.
0 kommentar(er)
