Pascom chats are stored unencrypted on the computer

So my “problem” is the following, I have found out that all chats are stored unencrypted in the file: C:\Users\Username\AppData\Roaming\pascom Client\client.db. People with the appropriate rights (whether admins, attackers or, a user on a terminal server, in the case of a misconfiguration) would therefore be able to read the chats of all users…

I already made an article about this here in the forum a few months ago, but I haven’t heard anything about it, so I’m posting here again because I think this is a big issue in terms of security…

1 Like

ohhhhhhhhhhhhh :frowning:

You can open it with an SQLite viewer (there are also some online if you do this with a test user where the chats are not confidential), there you can see everything under the chatmessage table in a clearer and easier to read way.

You can view it quite easily and clearly using, for example.

It’s quite usual for applications to store confidential data on your disk without any encryption. If you’re using firefox and are automatically logged in at any webpage, cookies are stored on your disk without any encryption in an sqlite file :slightly_smiling_face: (checked it on macos)

If someone hijacks this file due to messed up permissions, he’ll be able to steal every single session, that you have on any website.

Key takeaway: fix your permissions

I don’t have a problem with the permissions, I just noticed it and in the cases mentioned it can happen. And just because everyone does it this way, can’t pascom be more advanced and secure? After all, you pay for licenses for their service, so surely I can expect something more than just the minimum of what is required? Or not?