Bugtraq mailing list archives

Re: Communicator 4.5 stores EVERY mail-password in preferences.js

From: belanger () risq qc ca (Pierre Belanger)
Date: Thu, 5 Nov 1998 12:56:30 -0500

Hi!

The Netscape Communicator 4.5 stores the crypted version of used
mail-passwords (for imap and pop3) even if you tell Netscape to *not*
"remember password" in the preferences dialog.

This is ridiculous from the Netscape folks!

I just found out that my preference file is group readable (640)
and another user here even has his file "other" readable (644) !!!
Netscape should force this file to be created in 600 mode.

The .netscape directory is in mode 700 but I didn't try to figure
out if Communicator is forcing the creation of the directory in this
mode.  I just found out a user with .netscape in 755 and the
preference file in 644 !!!

Pierre Belanger - RISQ

Current thread:

Communicator 4.5 stores EVERY mail-password in preferences.js Holger van Lengerich (Nov 04)
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js Pierre Belanger (Nov 05)
- <Possible follow-ups>
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js HD Moore (Nov 04)
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js HD Moore (Nov 04)