Bugtraq mailing list archives
Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 23 Nov 2006 20:23:46 +0200 (EET)
Netscape Browser version 8.1.2 is confirmed as affected too. Vendor was contacted on 23th november, 2006. When visiting the PoC address the following URL (Chapin Information Services - Google Search) was generated: http://www.google.com/search?q=Chapin+Information+Services&loginuser=testuser&loginpass=pass&x=467&y=642 listing the Username 'testuser' and Password 'pass' as part of URL too. It is required that user will accept the Save New Passcard window with 'OK' and option Fill & Submit when visiting the site again. Workaround: Use "Never save login information for this site" option. Password Manager is known as Passcard Manager in Netscape. Juha-Matti Laurio, Networksecurity.fiMichael Scheidell <scheidell () secnap net> wrote:
Looks like this also affects FireFox 1.5.08.
Current thread:
- Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Michael Scheidell (Nov 23)
- <Possible follow-ups>
- Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Juha-Matti Laurio (Nov 23)