[8456] in bugtraq
NS-C4.5 & Mail-Passwords
daemon@ATHENA.MIT.EDU (Holger van Lengerich)
Mon Nov 9 13:57:57 1998
Date: Sat, 7 Nov 1998 11:41:31 +0100
Reply-To: Holger van Lengerich <gimli@uni-paderborn.de>
From: Holger van Lengerich <gimli@UNI-PADERBORN.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3642E17E.AEA219B9@atos-ods.com>
Hi,
It turned out that only IMAP passwords are stored in preferences.js
after the Communicator process is correctly terminated. POP passwords are
stored in preferences.js the first time you fetch mail from the server
and cleared at Communicator exit. This happened using C4.5 on Sun Solaris.
Some of you may reproduce this for other OSes and send me any feedback (NOT
via bugtraq).
Even this is a security problem:
- Using a multiuser OS like Unix: an evil user may access the preferences
file while you are working with Communicator.
- Files may be accessible via network shares.
- In a crash situation the password may not be cleared from
preferences.js.
- In this case the "Quality Feedback Agent" (QFA) may, if you allow it to
do so, transfer the preferences.js (with crypted password) via the Internet
(readable at any host on the way to Netscape Corp.).
Be aware that the encryption of the password gives *NO* security. You don't
need to know the decryption algorithm, because Communicator itself can
do the decryption for you. By using a packet sniffer (like HD-MOORE) or
setting up a patched IMAP/POP server with a password logging facility, you
can easily get the plaintext passwords.
Regards,
Holger van Lengerich
----------------------------------------------------------------------------
Holger van Lengerich - University of Paderborn - Dept. of Computer Science
System-Administration - Warburger Str. 100 - D 33098 Paderborn - Germany
mailto:gimli@uni-paderborn.de - http://www.uni-paderborn.de/admin/gimli
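
An added example, not part of the original post: a local audit for the multiuser exposure described in the message, reporting whether a preferences.js is readable by group or others and which password-like prefs hold a value (keys only, stored values are never printed). The sample file contents and pref key names are constructed assumptions, as are the function names.

```python
import os
import re
import stat
import tempfile

# Matches pref lines with a quoted string value: user_pref("key", "value");
PREF_RE = re.compile(r'user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)')

def audit_prefs(path):
    """Report mode-bit exposure and password-like prefs with a non-empty value."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = {
        "mode": oct(mode),
        "group_readable": bool(mode & stat.S_IRGRP),
        "world_readable": bool(mode & stat.S_IROTH),
        "password_prefs": [],
    }
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            m = PREF_RE.search(line)
            # Record only the key name, never the stored value.
            if m and "password" in m.group(1).lower() and m.group(2):
                findings["password_prefs"].append(m.group(1))
    findings["at_risk"] = bool(findings["password_prefs"]) and (
        findings["group_readable"] or findings["world_readable"])
    return findings

def harden(path):
    """Restrict the file to its owner (mode 0600)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)

def demo():
    # Constructed sample; the pref key names are assumptions, not from the post.
    sample = (
        'user_pref("mail.example_imap_password", "CONSTRUCTED==");\n'
        'user_pref("mail.remember_password", true);\n'
        'user_pref("network.hosts.pop_server", "pop.example.org");\n'
    )
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "preferences.js")
        with open(p, "w") as fh:
            fh.write(sample)
        os.chmod(p, 0o644)  # typical permissive default
        before = audit_prefs(p)
        harden(p)
        after = audit_prefs(p)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Owner-only file modes address only the local-user case; the network share, crash and QFA paths listed in the message are not covered by this check.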