Bugtraq mailing list archives
Re: Communicator 4.5 stores EVERY mail-password in preferences.js
From: belanger () risq qc ca (Pierre Belanger)
Date: Thu, 5 Nov 1998 12:56:30 -0500
Hi! The Netscape Communicator 4.5 stores the crypted version of used mail-passwords (for imap and pop3) even if you tell Netscape to *not* "remember password" in the preferences dialog.
This is ridiculous from the Netscape folks! I just found out that my preference file is group readable (640) and another user here even has his file "other" readable (644) !!! Netscape should force this file to be created in 600 mode. The .netscape directory is in mode 700 but I didn't try to figure out if Communicator is forcing the creation of the directory in this mode. I just found out a user with .netscape in 755 and the preference file in 644 !!! Pierre Belanger - RISQ
Current thread:
- Communicator 4.5 stores EVERY mail-password in preferences.js Holger van Lengerich (Nov 04)
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js Pierre Belanger (Nov 05)
- <Possible follow-ups>
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js HD Moore (Nov 04)
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js HD Moore (Nov 04)