[13019] in bugtraq
Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")
daemon@ATHENA.MIT.EDU (Holger van Lengerich)
Mon Dec 20 12:03:29 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.20.9912201538570.29209-100000@solaris-serv>
Date: Mon, 20 Dec 1999 15:50:51 +0100
Reply-To: Holger van Lengerich <gimli@UNI-PADERBORN.DE>
From: Holger van Lengerich <gimli@UNI-PADERBORN.DE>
X-To: Rob Jones <robert.e.jones@CWO.COM.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3859C44A.5A8B6364@cwo.com.au>
> I dont know if it applies to windoze but the Linux & xBSD versions of
> netscape store the 'encoded' (not encrypted) password even if
> the user never ticks the remember password box.
>
> Now that Netscape should fix!
This bug does occur only in 4.5 (all OS'es) and is already fixed in 4.51!
However, Communicator 4.51 and up will not clear the stored passwords, once
they have been stored accidentally with 4.5 .
So they did their job ... not as well as they could, but they did it.
Regards,
Holger
----------------------------------------------------------------------------
Holger van Lengerich - University of Paderborn - Dept. of Computer Science
System-Administration - Warburger Str. 100 - D 33098 Paderborn - Germany
mailto:gimli@uni-paderborn.de - http://www.uni-paderborn.de/admin/gimli
