Re: Netscape 4.5 vulnerability

From: Dima Volodin (dvvat_private)
Date: Fri Apr 09 1999 - 12:02:13 PDT

Next message: GvS: "Re: ipop3d (x2) / pine (x2) / ..."

Previous message: Miguel de Icaza: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Maybe in reply to: Alexey Pavlov: "Netscape 4.5 vulnerability"
Next in thread: Juha Jäykkä: "Re: Netscape 4.5 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wojtek Kaniewski wrote:

> Alexey Pavlov wrote:
> > I found method how to get users passwords from Netscape 4.5 for
> > FreeBSD ~user/.netscape/liprefs.js file. This file is used for
> > storing user last session preferences .This file also contains
> > encrypted password for pop3.
>
> This method has been found months ago.

The problem is not that the password is decryptable - it _has_ to be
decryptable because of POP clear-text passwords, the problem is that
Netscape stores it in its pref files even though the "Remember password"
checkbox is unchecked.

> wojtekkaat_private :: http://wojtekka.stone.pl/ :: ^wojtekka@irc

Dima

Next message: GvS: "Re: ipop3d (x2) / pine (x2) / ..."
Previous message: Miguel de Icaza: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Maybe in reply to: Alexey Pavlov: "Netscape 4.5 vulnerability"
Next in thread: Juha Jäykkä: "Re: Netscape 4.5 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:04 PDT