I posted this onto the AIM Phoenix forum (which has since been removed by Wildman. I call damage control!), so best I regurgitate what the heck I’m talking about.
So basically, while I was digging inside the AIM Phoenix program in dotPeek out of boredom, mainly to see how the internals worked, I noticed that the program feeds the authentication module the password in cleartext, and that the module itself does not hash the password before sending the authentication packet, as normal authentication procedures would. This is shown in the following two images:
With my new suspicions in hand, I decided to packet sniff what AIM Phoenix (the client) sends during the authentication process to see if the password was sent in cleartext, and I was basically proven correct:
For anyone who doesn’t know what the password is supposed to be under normal procedures, it is supposed to be an MD5 hash, which at least obscures the password from TCP packet sniffing. Here’s an example of such a packet sent out by the official AIM client to the AIM Phoenix server:
But note that this isn’t tied to the AIM Phoenix client alone. It makes you think about how @Wildman_Fujiami stores the password for each registered user in the database. Is it MD5 hashed? Is it cleartext?! The former is insecure, while the latter is an extreme security risk.
Either way, be cautious of using AIM Phoenix, both the client and the underlying service, and stay safe!
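To make the difference concrete, here is an added example (not code from AIM Phoenix or from the original post) that builds a hashed and a cleartext login payload and checks a capture for a known test-account password. It assumes the OSCAR MD5 challenge-response as implemented in libpurple, with the digest carried in TLV 0x0025; the sample values, and the TLV a cleartext client would use, are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constant suffix used by the OSCAR MD5 login (as in libpurple's oscar code).
AIM_MD5_STRING = b"AOL Instant Messenger (SM)"
TLV_SCREEN_NAME = 0x0001
TLV_PASSWORD_HASH = 0x0025

def md5_response(challenge: bytes, password_md5: bytes) -> bytes:
    """Digest sent on the wire: MD5(challenge + MD5(password) + suffix)."""
    return hashlib.md5(challenge + password_md5 + AIM_MD5_STRING).digest()

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 2-byte type, 2-byte length (big-endian), then value."""
    return struct.pack(">HH", tlv_type, len(value)) + value

def parse_tlvs(data: bytes) -> dict:
    """Decode a TLV chain, rejecting lengths that run past the buffer."""
    out, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4:pos + 4 + length]
        if len(value) != length:
            raise ValueError("TLV length exceeds payload")
        out[tlv_type] = value
        pos += 4 + length
    return out

def leaks_cleartext(payload: bytes, test_password: str) -> bool:
    """True if a known test-account password appears verbatim in a capture."""
    return test_password.encode("utf-8") in payload

def server_accepts(payload: bytes, challenge: bytes, stored_md5: bytes) -> bool:
    """Server-side check; it needs only MD5(password), never the cleartext."""
    sent = parse_tlvs(payload).get(TLV_PASSWORD_HASH, b"")
    return hmac.compare_digest(sent, md5_response(challenge, stored_md5))

# Constructed sample data (not taken from any real capture).
PASSWORD = "hunter2-test"
CHALLENGE = b"1234567890"
STORED_MD5 = hashlib.md5(PASSWORD.encode("utf-8")).digest()
NAME_TLV = tlv(TLV_SCREEN_NAME, b"testuser")
HASHED_LOGIN = NAME_TLV + tlv(TLV_PASSWORD_HASH, md5_response(CHALLENGE, STORED_MD5))
# Assumption: the page does not show which TLV the cleartext client uses.
CLEARTEXT_LOGIN = NAME_TLV + tlv(TLV_PASSWORD_HASH, PASSWORD.encode("utf-8"))
```

Running `leaks_cleartext` over a capture from a throwaway account gives a yes/no answer without reading the packet by eye.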