[ISN] Netscape 4.5 Security Bug

From: mea culpa (jerichot_private)
Date: Wed Oct 28 1998 - 15:41:09 PST

    Forwarded From: phreak moi <hackerelitet_private>
    Bug compromises Navigator
    By Paul Festa
    Staff Writer, CNET News.com
    October 27, 1998, 3:05 p.m. PT

    Netscape Communications today confirmed a problem with Navigator 4.5 that
    could make the browser less secure for users on shared computers.

    The problem has to do with the way Navigator, the Web-browsing component
    of Netscape's recently released Communicator 4.5 Web software suite,
    negotiates an HTML caching meta tag.

    Caching is a method of saving Web files locally so that they do not have
    to be transmitted over the network every time a page is requested. Meta
    tags describe the content of a page or provide specific instructions on
    how to treat it.

    The meta tag in this instance tells the server not to cache the page.
    While Navigator 4.5 hews to the letter of the HTML law in not caching the
    specified information to the hard disk cache, it does copy the information
    to the memory cache, according to Netscape. Previous versions of
    Navigator, along with Microsoft's Internet Explorer, do not.

    The problem occurs only when Navigator 4.5 accesses a site secured with
    the Secure Sockets Layer encryption standard.

    The glitch poses a potential security risk to users in computer clusters
    such as those common in universities or libraries. In the worst-case
    scenario, a person could enter a credit card number, or a user name and
    password, and a subsequent user could click back to the same page where
    that sensitive information has been preserved in the memory cache.

    The bug was discovered by Yale University support engineer Peter Snow.

    "Previously, if the Web site used the 'no-cache' tag, any information that
    you entered into the form would not be cached--when you returned to the
    page, the fields on the form would be empty," Snow said. "With 4.5, the
    browser is ignoring these tags--ironically, only on secure Web pages."

    Navigator product manager John Gable downplayed the seriousness of the
    problem, noting that it only affects users sharing a computer and
    accessing secure pages that utilize the "no-cache" tag. Gable said
    Netscape would post a workaround recommending that users restart the
    browser following sessions on shared computers, or that they clear the
    memory cache under the "Preferences" menu after entering sensitive

    Gable said that content providers can avoid the problem by placing the
    meta tag in the HTML header rather than in the contents of the HTML file.

    He added that users of a shared version of Communicator could avoid the
    problem by using individual profiles.

    "I think it's fair to call it a behavior change from previous versions,
    and maybe a bug," Gable said.

    Netscape will correct the problem in a subsequent release of the product.
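
Added example, not part of the forwarded article and not Netscape's code: a small audit a content provider could run over its pages to check the mitigation Gable describes, i.e. that the no-cache meta tag sits in the HTML header and not in the page contents. The article does not spell the tag out; the `http-equiv="Pragma"` / `"Cache-Control"` forms and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class NoCacheMetaAudit(HTMLParser):
    """Record the line of every no-cache <meta http-equiv> tag, split by placement."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.in_head_lines = []
        self.outside_head_lines = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
            return
        if tag != "meta":
            return
        # html.parser lowercases attribute names; values are lowercased here.
        a = {k: (v or "").lower() for k, v in attrs}
        is_cache_tag = a.get("http-equiv") in ("pragma", "cache-control")
        if is_cache_tag and "no-cache" in a.get("content", ""):
            line = self.getpos()[0]
            bucket = self.in_head_lines if self.in_head else self.outside_head_lines
            bucket.append(line)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit(html):
    parser = NoCacheMetaAudit()
    parser.feed(html)
    parser.close()
    return {"in_head": parser.in_head_lines, "outside_head": parser.outside_head_lines}

def verdict(html):
    """'ok' if a no-cache tag is in <head>, 'misplaced' if only elsewhere, else 'missing'."""
    result = audit(html)
    if result["in_head"]:
        return "ok"
    return "misplaced" if result["outside_head"] else "missing"

# Constructed sample pages (not taken from any real site).
BODY_PAGE = """<html>\n<head><title>Checkout</title></head>\n<body>
<meta http-equiv="Pragma" content="no-cache">
<form><input type="password" name="pw"></form>\n</body>\n</html>"""
HEAD_PAGE = """<html>\n<head>\n<meta http-equiv="Pragma" content="no-cache">
<title>Checkout</title>\n</head>
<body><form><input type="password" name="pw"></form></body>\n</html>"""

if __name__ == "__main__":
    for name, page in (("BODY_PAGE", BODY_PAGE), ("HEAD_PAGE", HEAD_PAGE)):
        print(name, verdict(page), audit(page))
```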