Bugtraq mailing list archives
Netscape Communicator 4.x sensitive informations in configuration file
From: Marc Ruef <marc.ruef () computec ch>
Date: Fri, 28 Feb 2003 14:33:18 +0100
Hi! It seems that I'm one of the last Netscape 4.x users. During my research for using roaming profiles I've checked a file named prefs.js in my netscape folder (C:\Program Files\Netscape\Users\mruef). The following paste shows the IMAP mail part of this configuration file. You can see that the line 17 shows the unencrypted password ("MyPassword4"). --- cut --- user_pref("mail.imap.server.imap.computec.ch.admin_url", ""); user_pref("mail.imap.server.imap.computec.ch.capability", 4641); user_pref("mail.imap.server.imap.computec.ch.check_new_mail", true); user_pref("mail.imap.server.imap.computec.ch.check_time", 60); user_pref("mail.imap.server.imap.computec.ch.cleanup_folders_on_exit", false); user_pref("mail.imap.server.imap.computec.ch.cleanup_inbox_on_exit", false); user_pref("mail.imap.server.imap.computec.ch.delete_model", 2); user_pref("mail.imap.server.imap.computec.ch.dual_use_folders", true); user_pref("mail.imap.server.imap.computec.ch.empty_trash_on_exit", false); user_pref("mail.imap.server.imap.computec.ch.empty_trash_threshhold", 0); user_pref("mail.imap.server.imap.computec.ch.isSecure", true); user_pref("mail.imap.server.imap.computec.ch.namespace.other_users", ""); user_pref("mail.imap.server.imap.computec.ch.namespace.personal", "\"INBOX.\""); user_pref("mail.imap.server.imap.computec.ch.namespace.public", "\"shared.\""); user_pref("mail.imap.server.imap.computec.ch.offline_download", false); user_pref("mail.imap.server.imap.computec.ch.override_namespaces", true); user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4"); user_pref("mail.imap.server.imap.computec.ch.remember_password", true); user_pref("mail.imap.server.imap.computec.ch.server_sub_directory", ""); user_pref("mail.imap.server.imap.computec.ch.userName", "mruef"); user_pref("mail.imap.server.imap.computec.ch.using_subscription", true); -- cut --- This is also true for POP3 and perhaps for SMTP, NNTP and LDAP passwords. The passwords are only stored if the remember password option is set (e.g. line 18). It may be possible to extract these passwords during a sneaking access to the system (local or remote by a backdoor)[1, 2] or examine a backup. This weakness should be keeped in mind. I'm not sure if this vulnerability exists in other Netscape versions (e.g. 6 or 7). Bye, Marc [1] http://www.idefense.com/advisory/11.19.02c.txt [2] http://www.securityfocus.com/bid/6215 -- Computer, Technik und Security http://www.computec.ch/ Meine private Webseite http://www.computec.ch/mruef/
Current thread:
- Netscape Communicator 4.x sensitive informations in configuration file Marc Ruef (Feb 28)
- Re: Netscape Communicator 4.x sensitive informations in configuration file Byron York (Feb 28)
- Re: Netscape Communicator 4.x sensitive informations in configuration file Nicolas RUFF (lists) (Feb 28)
- <Possible follow-ups>
- Re: Netscape Communicator 4.x sensitive informations in configuration file Paul Szabo (Feb 28)