[10178] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Netscape 4.5 vulnerability

daemon@ATHENA.MIT.EDU (Dima Volodin)
Mon Apr 12 16:26:26 1999

Date: 	Fri, 9 Apr 1999 15:02:13 -0400
Reply-To: Dima Volodin <dvv@DVV.RU>
From: Dima Volodin <dvv@DVV.RU>
X-To:         Wojtek Kaniewski <wojtekka@BYDNET.COM.PL>
To: BUGTRAQ@NETSPACE.ORG

Wojtek Kaniewski wrote:

> Alexey Pavlov wrote:
> > I found method how to get users passwords from Netscape 4.5 for
> > FreeBSD ~user/.netscape/liprefs.js file. This file is used for
> > storing user last session preferences .This file also contains
> > encrypted password for pop3.
>
> This method has been found months ago.

The problem is not that the password is decryptable - it _has_ to be
decryptable because of POP clear-text passwords, the problem is that
Netscape stores it in its pref files even though the "Remember password"
checkbox is unchecked.

> wojtekka@irc.pl :: http://wojtekka.stone.pl/ :: ^wojtekka@irc

Dima


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[10178] in bugtraq

Re: Netscape 4.5 vulnerability

daemon@ATHENA.MIT.EDU (Dima Volodin)Mon Apr 12 16:26:26 1999

daemon@ATHENA.MIT.EDU (Dima Volodin)
Mon Apr 12 16:26:26 1999