[1263] in WWW Security List Archive
Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
daemon@ATHENA.MIT.EDU (Fred Blonder)
Mon Dec 18 20:41:08 1995
To: DaVe McComb <dave.mccomb@gs.com>
cc: "Lincoln D. Stein" <lstein@genome.wi.mit.edu>,
www-security@ns2.rutgers.edu, jcarroll@redman.canada.dg.com,
tara@linkage.cpmc.columbia.edu, fred@nasirc.hq.nasa.gov
In-reply-to: Your message of "Mon, 18 Dec 1995 14:53:17 EST."
<Pine.SUN.3.91.951218144450.20950c-100000@chocolate.is.gs.com>
Date: Mon, 18 Dec 1995 17:10:53 -0500
From: Fred Blonder <fred@nasirc.hq.nasa.gov>
Errors-To: owner-www-security@ns2.rutgers.edu
From: DaVe McComb <dave.mccomb@gs.com>
I think you're getting the disk cache confused with Netscape's
authentication. Your demonstration page will not work
correctly if you flush the disk cache before attempting it.
I'll ditto this. I've been attempting to reproduce this for the last
hour or so and have not been able to find a cached password under any
of the .netscape* directories.
----
Fred Blonder fred@nasirc.hq.nasa.gov
Hughes STX Corp. (301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md. 20770
