4609820 1999-12-22  19:58  /88 rader/ Postmaster
Mottagare: Bugtraq (import) <8995>
Ärende: More Netscape Passwords Available.
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
X-Accept-Language: en
MIME-Version: 1.0
Content-Type: multipart/alternative 
             boundary="------------DEDED72A44B2CEF304F6075F"
Message-ID:  <38604C7C.75E16D88@cwo.com.au>
Date:         Wed, 22 Dec 1999 14:58:52 +1100
Reply-To: Rob Jones <robert.e.jones@CWO.COM.AU>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Rob Jones <robert.e.jones@CWO.COM.AU>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

--------------DEDED72A44B2CEF304F6075F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Netscape 4.7 stores passwords in preferences.js even
if you never ever even once tell it 'remember passwords',
and even if its a fresh install of 4.7 (the solaris install I tested
on has never seen any other version of Netscape).

I thought I was loosing it with people pointing out that this didnt
work when I thought it did but I've done my howework thistime and
this bug does definitely affect

    Solaris 2.5 Netscape 4.7
    Redhat Linux 6.0 Netscape 4.7

However it only stores them in the file from the time you log onto
your mail server to the time you quite and close all netscape windows.

Obviously this isnt as bad as it could be but it does mean there is a
window of opportunity for a hacker to grab your password from this
file. Like sending you a mail, saying check out this attachment.  You
will have had to type in your password (its then in the file), and
the application you run can grab your password .... The rest is
obvious.

Rob

P.S. This was tested with an IMAP rather than POP server, but I doubt
if its any different.

P.P.S. No I've not contacted Netscape yet. If anyone thinks they
would change this then please email them. I've havent got time
because I leave this job (peranantly, not just for christmas) on
Friday and I have too much to do before then to find the right
person to contact.


--------------DEDED72A44B2CEF304F6075F
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Netscape <b>4.7 </b>stores passwords in preferences.js even
<br>if you never ever even once tell it 'remember passwords',
<br>and even if its a fresh install of 4.7 (the solaris install I tested
<br>on has never seen any other version of Netscape).
<p>I thought I was loosing it with people pointing out that this didnt
work
<br>when I thought it did but I've done my howework thistime and
<br>this bug does definitely affect
<p>    Solaris 2.5 Netscape 4.7
<br>    Redhat Linux 6.0 Netscape 4.7
<p>However it only stores them in the file from the time you log onto
<br>your mail server to the time you quite and close all netscape windows.
<p>Obviously this isnt as bad as it could be but it does mean there is
a
<br>window of opportunity for a hacker to grab your password
<br>from this file. Like sending you a mail, saying check out this attachment.
<br>You will have had to type in your password (its then in the file),
and
<br>the application you run can grab your password .... The rest is obvious.
<p>Rob
<p>P.S. This was tested with an IMAP rather than POP server, but I
doubt
<br>if its any different.
<p>P.P.S. No I've not contacted Netscape yet. If anyone thinks they would
<br>change this then please email them. I've havent got time because I
<br>leave this job (peranantly, not just for christmas) on Friday and
<br>I have too much to do before then to find the right  person to
contact.
<br> </html>

--------------DEDED72A44B2CEF304F6075F--
(4609820) ------------------------------------------(Ombruten)