[8436] in bugtraq
Re: Communicator 4.5 stores EVERY mail-password in preferences.js
daemon@ATHENA.MIT.EDU (HD Moore)
Fri Nov 6 12:40:28 1998
Date: Wed, 4 Nov 1998 17:20:27 -0600
Reply-To: HD Moore <hdmoore@USA.NET>
From: HD Moore <hdmoore@USA.NET>
To: BUGTRAQ@NETSPACE.ORG
In the Windows environment prefs.js isnt the only place that your password
is stored. Netscape also creates a registry entry for your password
(garbled as well) that any admin on your local LAN (or some cracker over the
internet) can read by remotely connecting to your registry. The path it is
stored in is:
HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\biff\users\<profile
name>\servers\<mail server hostname>\password
This is with the 'dont save password option' checked on 4.5 (netscape.exe
internal version: 4.50.2.19)
By any chance does anyone know how the password is encrypted or how strong
of encryption is used?
I also managed to copy that registry entry onto a separate computer (while
messenger was already open and I had checked my mail once), changed the
hostname of the mail server entry to match and successfully retrieved mail
with that account while sniffing the plain text pop3 pass over my dialup...
