Yesterday, I was transferring my files from my old laptop to my new one and came across some interesting files inside the Skype folder. So, my curiosity didn’t stop me from trying to open them.
Within just a few seconds of searching, I was able to see my profile, messages, and logs without logging in to Skype, which surprised me. I also found out that it is a well-known vulnerability, and I don’t understand why they did not bother to fix it. It is not a direct vulnerability in Skype’s server, though, but more on the user side.
When you install the Skype application, it will actually keep your history for weeks or forever in a local folder. As a programmer, I fully understand that having this data locally helps the application work faster compared to accessing it through the server. I kept thinking that their engineers should be aware enough that this might be used to exploit someone. So, they need to do something about it.
In order to access the jackpot file, you have to go through the user’s machine first. You will be lucky if they didn’t password-protect it. So, having a login password on your OS will at least keep you protected from others who want to exploit those files.
Just be careful about logging in on public or untrusted computers to avoid this kind of mess. I must just be crazy, thinking too much about this. However, it could be very important to others.
Let me know if you have some thoughts about this.