Bugtraq mailing list archives
Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")
From: gimli () UNI-PADERBORN DE (Holger van Lengerich)
Date: Mon, 20 Dec 1999 15:50:51 +0100
I dont know if it applies to windoze but the Linux & xBSD versions of netscape store the 'encoded' (not encrypted) password even if the user never ticks the remember password box. Now that Netscape should fix!
This bug does occur only in 4.5 (all OS'es) and is already fixed in 4.51! However, Communicator 4.51 and up will not clear the stored passwords, once they have been stored accidentally with 4.5 . So they did their job ... not as well as they could, but they did it. Regards, Holger ---------------------------------------------------------------------------- Holger van Lengerich - University of Paderborn - Dept. of Computer Science System-Administration - Warburger Str. 100 - D 33098 Paderborn - Germany mailto:gimli () uni-paderborn de - http://www.uni-paderborn.de/admin/gimli
Current thread:
- Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities, (continued)
- Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities security-alert () CISCO COM (Dec 16)
- Reinventing the wheel (aka "Decoding Netscape Mail passwords") Vanja Hrustic (Dec 15)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") John Viega (Dec 16)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Tim Hollebeek (Dec 16)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Aleph One (Dec 16)
- ssh/rsaref bo exploit code Iván Arce (Dec 16)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Rob Jones (Dec 16)
- More on Red Hat 6.1 sysklogd David F. Skoll (Dec 19)
- Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) suid (Dec 19)
- Netscape password scrambling Gary McGraw (Dec 20)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Holger van Lengerich (Dec 20)
- Microsoft Security Bulletin (MS99-059) Microsoft Product Security (Dec 20)
- (Possible) Linuxconf Remote Buffer Overflow Vulnerability Elias Levy (Dec 21)
- Infoseek Ultraseek Remote Buffer Overflow luciano (Dec 16)
- Re: Infoseek Ultraseek Remote Buffer Overflow Marc (Dec 16)