[13059] in bugtraq
More Netscape Passwords Available.
daemon@ATHENA.MIT.EDU (Rob Jones)
Wed Dec 22 15:46:07 1999
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="------------DEDED72A44B2CEF304F6075F"
Message-Id: <38604C7C.75E16D88@cwo.com.au>
Date: Wed, 22 Dec 1999 14:58:52 +1100
Reply-To: Rob Jones <robert.e.jones@CWO.COM.AU>
From: Rob Jones <robert.e.jones@CWO.COM.AU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--------------DEDED72A44B2CEF304F6075F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Netscape 4.7 stores passwords in preferences.js even
if you never ever even once tell it 'remember passwords',
and even if its a fresh install of 4.7 (the solaris install I tested
on has never seen any other version of Netscape).
I thought I was loosing it with people pointing out that this didnt work
when I thought it did but I've done my howework thistime and
this bug does definitely affect
Solaris 2.5 Netscape 4.7
Redhat Linux 6.0 Netscape 4.7
However it only stores them in the file from the time you log onto
your mail server to the time you quite and close all netscape windows.
Obviously this isnt as bad as it could be but it does mean there is a
window of opportunity for a hacker to grab your password
from this file. Like sending you a mail, saying check out this attachment.
You will have had to type in your password (its then in the file), and
the application you run can grab your password .... The rest is obvious.
Rob
P.S. This was tested with an IMAP rather than POP server, but I doubt
if its any different.
P.P.S. No I've not contacted Netscape yet. If anyone thinks they would
change this then please email them. I've havent got time because I
leave this job (peranantly, not just for christmas) on Friday and
I have too much to do before then to find the right person to contact.
--------------DEDED72A44B2CEF304F6075F
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Netscape <b>4.7 </b>stores passwords in preferences.js even
<br>if you never ever even once tell it 'remember passwords',
<br>and even if its a fresh install of 4.7 (the solaris install I tested
<br>on has never seen any other version of Netscape).
<p>I thought I was loosing it with people pointing out that this didnt
work
<br>when I thought it did but I've done my howework thistime and
<br>this bug does definitely affect
<p> Solaris 2.5 Netscape 4.7
<br> Redhat Linux 6.0 Netscape 4.7
<p>However it only stores them in the file from the time you log onto
<br>your mail server to the time you quite and close all netscape windows.
<p>Obviously this isnt as bad as it could be but it does mean there is
a
<br>window of opportunity for a hacker to grab your password
<br>from this file. Like sending you a mail, saying check out this attachment.
<br>You will have had to type in your password (its then in the file),
and
<br>the application you run can grab your password .... The rest is obvious.
<p>Rob
<p>P.S. This was tested with an IMAP rather than POP server, but I
doubt
<br>if its any different.
<p>P.P.S. No I've not contacted Netscape yet. If anyone thinks they would
<br>change this then please email them. I've havent got time because I
<br>leave this job (peranantly, not just for christmas) on Friday and
<br>I have too much to do before then to find the right person to
contact.
<br> </html>
--------------DEDED72A44B2CEF304F6075F--
