Bugtraq mailing list archives
Re: Netscape Communicator 4.x sensitive informations in configuration file
From: <mstoltz () netscape com>
Date: 4 Mar 2003 19:21:00 -0000
In-Reply-To: <3E5F651E.35B09C5D () computec ch>
It seems that I'm one of the last Netscape 4.x users. The following paste shows the IMAP mail part of this
configuration file.
You can see that the line 17 shows the unencrypted
password Netscape 4.x is out of date - we recommend that everyone upgrade to our latest version, Netscape 7.02. In versions 6.1 and later, when the user chooses to store a password, it is saved by default in Base64-encoded format, but not encrypted. The user can choose to encrypt all stored passwords with a "master password" which acts as the key for a strong encryption algorithm (3DES or AES, I think). To turn on the strong encryption, choose Preferences from the Edit menu. Open the "Privacy & Security" tab, click "Passwords," and check the box labeled "use encryption when storing sensitive data." -Mitch Stoltz Netscape Client Security & Privacy
Current thread:
- Re: Netscape Communicator 4.x sensitive informations in configuration file mstoltz (Mar 04)