AOL Instant Messenger Password Encryption Weakness
Low Nessus Network Monitor Plugin ID 1259
SynopsisThe remote host passes information across the network in an insecure manner
DescriptionThe remote host is running AOL Instant Messenger (AIM). Version 1.2 of AIM uses a very weak encryption scheme to protect user passwords. A remote attacker may determine a user's password given only the encrypted form of the password (by sniffing the login process for example).
SolutionUpgrade to the latest version of AOL Instant Messenger.