In the Windows environment prefs.js isnt the only place that your password is stored. Netscape also creates a registry entry for your password (garbled as well) that any admin on your local LAN (or some cracker over the internet) can read by remotely connecting to your registry. The path it is stored in is: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\biff\users\<profile name>\servers\<mail server hostname>\password This is with the 'dont save password option' checked on 4.5 (netscape.exe internal version: 4.50.2.19) By any chance does anyone know how the password is encrypted or how strong of encryption is used? I also managed to copy that registry entry onto a separate computer (while messenger was already open and I had checked my mail once), changed the hostname of the mail server entry to match and successfully retrieved mail with that account while sniffing the plain text pop3 pass over my dialup...
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:14 PDT