Bugtraq mailing list archives
Re: Possible Netscape Crypto Security Flaw
From: pkrawczy () UIUC EDU (Pete Krawczyk)
Date: Tue, 16 Feb 1999 11:07:05 -0600
At 09:13 PM 2/14/99 -0600, Haze wrote:
Well then the cracker could perform a brute force crack on the encryption and attempt to gain access to the Regular Joe A's ISP and/or pop3 e-mail account...
To get to the POP3 account, you'd only need to put the password in a registry key of your own, then check the mail. I would imagine that the key to encrypt is the same across all copies of Netscape. Along those lines, if you had a sniffer next to the computer you put the encrypted password on, you could sniff the real password in transit and thus not have to brute force attack the password, since POP3 is cleartext traffic. -Pete K -- Pete Krawczyk http://www.uiuc.edu/ph/www/pkrawczy/ pkrawczy at uiuc dot edu Finger the 2nd address for PGP Public Key petek at bsod dot net "No spammies, no spammies, no spammies... stop!"
Current thread:
- Re: [proftpd-l] root compromise ? (fwd) Rodrigo Campos (Feb 09)
- Re: [proftpd-l] root compromise ? (fwd) Joe Schmo (Feb 12)
- Re: [proftpd-l] root compromise ? (fwd) monk (Feb 13)
- Re: [proftpd-l] root compromise ? (fwd) Dirk Moerenhout (Feb 13)
- Possible Netscape Crypto Security Flaw Haze (Feb 14)
- Re: Possible Netscape Crypto Security Flaw Pete Krawczyk (Feb 16)
- snap utility for AIX. Larry W. Cashdollar (Feb 17)
- Re: snap utility for AIX. Brian Hauber (Feb 18)
- mSQL vulnerability. Christofer C. Bell (Feb 17)
- OT: Copyright on Security advisories Aviram Jenik (Feb 18)
- Re: OT: Copyright on Security advisories Doug Granzow (Feb 19)
- Re: mSQL vulnerability. John W. Temples (Feb 18)
- Re: [proftpd-l] root compromise ? (fwd) Joe Schmo (Feb 12)
- Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
- Regarding passwords in registry keys. Ash (Feb 19)
- Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)