Netscape Communicator 4.x sensitive informations in configuration file

From: Marc Ruef (marc.ruefat_private)
Date: Fri Feb 28 2003 - 05:33:18 PST

Next message: Martin Eiszner: "axis2400 webcams"

Previous message: Christoph Schnidrig: "JRun: The Easiness of Session Fixation"
Next in thread: Nicolas RUFF (lists): "Re: Netscape Communicator 4.x sensitive informations in configuration file"
Reply: Nicolas RUFF (lists): "Re: Netscape Communicator 4.x sensitive informations in configuration file"
Reply: Neil Dickey: "Re: Netscape Communicator 4.x sensitive informations in configuration file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

It seems that I'm one of the last Netscape 4.x users. During my research
for using roaming profiles I've checked a file named prefs.js in my
netscape folder (C:\Program Files\Netscape\Users\mruef).

The following paste shows the IMAP mail part of this configuration file.
You can see that the line 17 shows the unencrypted password
("MyPassword4").

--- cut ---

user_pref("mail.imap.server.imap.computec.ch.admin_url", "");
user_pref("mail.imap.server.imap.computec.ch.capability", 4641);
user_pref("mail.imap.server.imap.computec.ch.check_new_mail", true);
user_pref("mail.imap.server.imap.computec.ch.check_time", 60);
user_pref("mail.imap.server.imap.computec.ch.cleanup_folders_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.cleanup_inbox_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.delete_model", 2);
user_pref("mail.imap.server.imap.computec.ch.dual_use_folders", true);
user_pref("mail.imap.server.imap.computec.ch.empty_trash_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.empty_trash_threshhold",
0);
user_pref("mail.imap.server.imap.computec.ch.isSecure", true);
user_pref("mail.imap.server.imap.computec.ch.namespace.other_users",
"");
user_pref("mail.imap.server.imap.computec.ch.namespace.personal",
"\"INBOX.\"");
user_pref("mail.imap.server.imap.computec.ch.namespace.public",
"\"shared.\"");
user_pref("mail.imap.server.imap.computec.ch.offline_download", false);
user_pref("mail.imap.server.imap.computec.ch.override_namespaces",
true);
user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
user_pref("mail.imap.server.imap.computec.ch.remember_password", true);
user_pref("mail.imap.server.imap.computec.ch.server_sub_directory", "");
user_pref("mail.imap.server.imap.computec.ch.userName", "mruef");
user_pref("mail.imap.server.imap.computec.ch.using_subscription", true);

-- cut ---

This is also true for POP3 and perhaps for SMTP, NNTP and LDAP
passwords. The passwords are only stored if the remember password option
is set (e.g. line 18).

It may be possible to extract these passwords during a sneaking access
to the system (local or remote by a backdoor)[1, 2] or examine a backup.
This weakness should be keeped in mind.

I'm not sure if this vulnerability exists in other Netscape versions
(e.g. 6 or 7).

Bye, Marc

[1] http://www.idefense.com/advisory/11.19.02c.txt
[2] http://www.securityfocus.com/bid/6215

-- 
Computer, Technik und Security                  http://www.computec.ch/
Meine private Webseite                    http://www.computec.ch/mruef/

Next message: Martin Eiszner: "axis2400 webcams"
Previous message: Christoph Schnidrig: "JRun: The Easiness of Session Fixation"
Next in thread: Nicolas RUFF (lists): "Re: Netscape Communicator 4.x sensitive informations in configuration file"
Reply: Nicolas RUFF (lists): "Re: Netscape Communicator 4.x sensitive informations in configuration file"
Reply: Neil Dickey: "Re: Netscape Communicator 4.x sensitive informations in configuration file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 28 2003 - 08:59:34 PST