BugTraq
Potential disclosure of sensitive information in Netscape 7.0 email client Jan 01 2003 11:19AM
Michael Puchol (mpuchol sonar-security com) (1 replies)
Re: Potential disclosure of sensitive information in Netscape 7.0 email client Jan 01 2003 11:38PM
Bartek Raszczyk (crayfish underground org pl)
Hello Michael,

Wednesday, January 1, 2003, 12:19:49 PM, you wrote:

MP> Netscape 7.0 includes, as part of it's release, an email client, capable of
MP> handling POP3 and IMAP accounts. The method that the email client utilizes
MP> to permanently delete email messages is not explained, which could lead to
MP> users having large quantities of email messages, which they would think of
MP> as permanently deleted, still stored in clear text on their hard disks.

The same applies to Ritlab's The Bat! (up to version 1.60c i'm
currently using).

The Bat! stores all of the messages in
$thebathome\mail\$accountname\$foldername\Messages.tbb and
status information in Messages.tbi (without customization and
message filtering all mail goes to $foldername named inbox).
All messages remain there until Folder|Compress function is used.

The question is - is that a feature or a bug?
I'm using The Bat! for nearly three years now and it's there
from where I can remember (although there were dozen or so version changes).

--
Best regards,
Bartek Raszczyk mailto:crayfish (at) underground.org (dot) pl [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus