Quick Reversing - WebEx One-Click Password Storage

Cisco's WebEx is a hugely popular platform for scheduling meetings. You can conduct video and voice calls, screen sharing, and chat through the system. Meetings are usually created via a Web Portal were the user defines when the meeting starts, how long it goes for, and what services (e.g. screen sharing or just voice) their meeting will leverage. WebEx also provides a One-Click Client that offers standalone meeting scheduling and outlook integration so that users can avoid the Web Portal.

Cisco

The One-Click Client has the ability to save a user's password, so Brad Antoniewicz decided to take a quick look at that functionality - in about an hour he was able to determine the storage, reverse the method it used to encrypt the password, and write a proof of concept tool to decrypt the local storage of the password. The aim of this blog post is to document that process and maybe encourage you to do some reversing!

Quick Reversing - WebEx One-Click Password Storage | Brad Antoniewicz