Re: MS IE Password inputs

["Cody Smith" <smithcc () uclink4 berkeley edu>]

Worse than this is a gaping hole in Windows versions of Opera 5 and 6.  I
haven't tested earlier versions, but they could easily be vulnerable.

In Opera, passwords boxes can be read externally, by other processes.
ShoWin (~ 23 kb) is one such app which will divulge the contents of most
password boxes in Windows.

In IE and Netscape, ShoWin selects the entire document being viewed, rather
than any individual elements, so it can't read passwords.  However, in
Opera, ShoWin will report the contents of individual form elements,
including password boxes.  Simply position the crosshairs over the password
field and ShoWin displays the password in the 'Title' box.

Also, Opera will remember the status of form elements, including passwords,
when moving back and forward, so passwords are highly vulnerable throughout
the life of the document window.  I was able to log into Hotmail with the
'Public/shared computer' option, check mail, send mail, logout, and then go
all the way back and read my own password.

Cody Smith

----- Original Message -----
From: "Mattie Casper" <mattie () mattie net>
To: "Jon Embury" <jon.embury () f1solutions com au>;
<bugtraq () securityfocus com>
Sent: Tuesday, November 20, 2001 10:25 PM
Subject: Re: MS IE Password inputs


> Very interesting find, and I can confirm the same thing happens in
> IE6.
>
> I can reproduce it by placing the cursor at the beginning of a
> password typed-in like "1234 56789 0ABCDE FGHIJK" and then use
> CTRL+RIGHTARROW to move through the asterisks just as if the spaces
> were there. (CTRL+RIGHTARROW in some applications like IE will move
> you to the next 'word' in a textbox.)
>
> This can come in handy when I typo part of a password and don't want
> to retype it all, but this does have some slight security
> implications.
> -Mattie!
>
> Mattie Casper
> http://me.mattie.net
>
> ----- Original Message -----
> From: "Jon Embury" <jon.embury () f1solutions com au>
> To: <bugtraq () securityfocus com>
> Sent: Tuesday, November 20, 2001 3:28 PM
> Subject: MS IE Password inputs
>
>
> > Just something I've noticed on IE 4 & 5.5
> >
> > If you enter a password that contains a mix of non-alphabetic and
> alphabetic
> > characters to an MS IE password input and then use the keyboard to
> select it
> > while holding down tab the cursor / selected region jumps between
> the
> > non-alphabetic characters in exactly the same manner as it does when
> you
> > apply the same technique in word, Interdev, vb etc.
> >
> > It doesn't reveal the password, but it would seem to reveal at least
> some of
> > the structure.
> >
> > Eg
> >
> > 1 2 3 4 5
> >
> >
> > Jon Embury
> > Developer, F1 Solutions
> > www.f1solutions.com.au