[23259] in bugtraq
Re: Mac Netscape password fields
daemon@ATHENA.MIT.EDU (CDE Francis)
Mon Nov 26 22:57:49 2001
Date: Mon, 26 Nov 2001 09:58:25 -0500
From: CDE Francis <fuy@jhu.edu>
In-reply-to: <200111211628.KAA04325@mail.math.niu.edu>
To: behr@math.niu.edu
Cc: bugtraq@securityfocus.com
Message-id: <a05100302b82807f8108d@[128.220.149.127]>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
At 10:27 AM -0600 2001/11/21, behr@math.niu.edu wrote:
>I apologize if this is well known, but the thread about IE password
>inputs reminded me of a somewhat more serious problem in Netscape for
>MacOS (v. 4.77, and at least some earlier ones):
A few fast Google searches did not reveal any highly ranked pages
that discuss this problem, therefore it isn't "well known".
> access a page with <input type="password" ...>
> type something in that field
> print
>The "secret" string prints in clear text.
I just downloaded a fresh copy of the latest Communicator (v4.79)
and it still exhibits this security flaw. I wonder what the point
of 4.79 is, if it doesn't fix bugs like this?
--
Francis Uy, Web Coordinator http://www.cty.jhu.edu/cde/ 410-516-0162
