Bugtraq mailing list archives
Re: Netscape 4.5 vulnerability
From: dvv () DVV RU (Dima Volodin)
Date: Fri, 9 Apr 1999 15:02:13 -0400
Wojtek Kaniewski wrote:
Alexey Pavlov wrote:I found method how to get users passwords from Netscape 4.5 for FreeBSD ~user/.netscape/liprefs.js file. This file is used for storing user last session preferences .This file also contains encrypted password for pop3.This method has been found months ago.
The problem is not that the password is decryptable - it _has_ to be decryptable because of POP clear-text passwords, the problem is that Netscape stores it in its pref files even though the "Remember password" checkbox is unchecked.
wojtekka () irc pl :: http://wojtekka.stone.pl/ :: ^wojtekka@irc
Dima
Current thread:
- Re: Netscape 4.5 vulnerability Jon Schlegel (Apr 08)
- <Possible follow-ups>
- Re: Netscape 4.5 vulnerability Wojtek Kaniewski (Apr 08)
- Re: Netscape 4.5 vulnerability Dima Volodin (Apr 09)
- Re: Netscape 4.5 vulnerability Juha Jäykkä (Apr 15)
- stored credentials was: Netscape 4.5 vulnerability Russell Fulton (Apr 18)
- Re: stored credentials was: Netscape 4.5 vulnerability Bernd Eckenfels (Apr 20)
- Bug in WinNT 4.0 SP4 Alvaro Gilabert (Apr 19)
- Re: Bug in WinNT 4.0 SP4 David LeBlanc (Apr 20)
- Security Bulletins Digest aleph1 () UNDERGROUND ORG (Apr 20)
- stored credentials was: Netscape 4.5 vulnerability Russell Fulton (Apr 18)