[8446] in bugtraq
Re: Communicator 4.5 stores EVERY mail-password in preferences.js
daemon@ATHENA.MIT.EDU (Pierre Belanger)
Fri Nov 6 17:44:51 1998
Date: Thu, 5 Nov 1998 12:56:30 -0500
Reply-To: Pierre Belanger <belanger@risq.qc.ca>
From: Pierre Belanger <belanger@RISQ.QC.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Wed, 04 Nov 1998 18:29:55 +0100."
<Pine.GSO.3.95.981104162802.21919C-100000@solaris-serv>
> Hi!
>
> The Netscape Communicator 4.5 stores the crypted version of used
> mail-passwords (for imap and pop3) even if you tell Netscape to *not*
> "remember password" in the preferences dialog.
>
This is ridiculous from the Netscape folks!
I just found out that my preference file is group readable (640)
and another user here even has his file "other" readable (644) !!!
Netscape should force this file to be created in 600 mode.
The .netscape directory is in mode 700 but I didn't try to figure
out if Communicator is forcing the creation of the directory in this
mode. I just found out a user with .netscape in 755 and the
preference file in 644 !!!
Pierre Belanger - RISQ
