Security Basics mailing list archives
RE: Firefox Bypass Master password Vulnerability
From: Lauren Twele <ltwele () symplified com>
Date: Tue, 27 Jul 2010 12:42:14 -0600
Even though the password function in Firefox is useful and convenient, it is important to remember that this tool does not provide audit logs, access control, reporting or provisioning. The Firefox password tool would not meet compliance or security standards in many organizations. That is why an identity and access management solution is needed, which often comes with single sign on as well. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of hack2prison () yahoo com Sent: Monday, July 26, 2010 5:59 AM To: security-basics () securityfocus com Subject: Firefox Bypass Master password Vulnerability Firefox has a useful function: manage login information which allows users remember their username and password. When users browse the site which they saved login infomation it will auto fill login form. Users can view the username and password saved by click Tools --> Options --> Security --> Saved Password. That is not safe but Firefox has option to protect this infomation that is "Use a Master password" (Image 1): http://www.shareapic.net/View-21364528-Use-Google-Chrome-to-hack-Firefox.h tml Once run Firefox and browse pages which saved login information, Firefox will ask Master Password. If type right Master password , Login information will be used (Image 2): http://www.shareapic.net/View-21364535-Use-Google-Chrome-to-hack-Firefox.h tml More people believe this Master password but I detected that other person can use Google Chrome to "HACK" Firefox. Install Google Chrome and browse a website (saved login information) and you will be surprised because login information are auto filled (Image 3): http://www.shareapic.net/View-21364541-Use-Google-Chrome-to-hack-Firefox.h tml Discovered by Hack2Prison Source: http://admindiscuss.com/forum/showthread.php?tid=35 ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f7 27d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Firefox Bypass Master password Vulnerability hack2prison (Jul 27)
- Re: Firefox Bypass Master password Vulnerability Adam Mooz (Jul 27)
- RE: Firefox Bypass Master password Vulnerability Lauren Twele (Jul 28)
- Re: Firefox Bypass Master password Vulnerability Andre Pawlowski (Jul 29)