It seems that I'm one of the last Netscape 4.x users. During my research
for using roaming profiles I've checked a file named prefs.js in my
netscape folder (C:\Program Files\Netscape\Users\mruef).
The following paste shows the IMAP mail part of this configuration file.
You can see that the line 17 shows the unencrypted password
("MyPassword4").
This is also true for POP3 and perhaps for SMTP, NNTP and LDAP
passwords. The passwords are only stored if the remember password option
is set (e.g. line 18).
It may be possible to extract these passwords during a sneaking access
to the system (local or remote by a backdoor)[1, 2] or examine a backup.
This weakness should be keeped in mind.
I'm not sure if this vulnerability exists in other Netscape versions
(e.g. 6 or 7).
It seems that I'm one of the last Netscape 4.x users. During my research
for using roaming profiles I've checked a file named prefs.js in my
netscape folder (C:\Program Files\Netscape\Users\mruef).
The following paste shows the IMAP mail part of this configuration file.
You can see that the line 17 shows the unencrypted password
("MyPassword4").
--- cut ---
user_pref("mail.imap.server.imap.computec.ch.admin_url", "");
user_pref("mail.imap.server.imap.computec.ch.capability", 4641);
user_pref("mail.imap.server.imap.computec.ch.check_new_mail", true);
user_pref("mail.imap.server.imap.computec.ch.check_time", 60);
user_pref("mail.imap.server.imap.computec.ch.cleanup_folders_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.cleanup_inbox_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.delete_model", 2);
user_pref("mail.imap.server.imap.computec.ch.dual_use_folders", true);
user_pref("mail.imap.server.imap.computec.ch.empty_trash_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.empty_trash_threshhold",
0);
user_pref("mail.imap.server.imap.computec.ch.isSecure", true);
user_pref("mail.imap.server.imap.computec.ch.namespace.other_users",
"");
user_pref("mail.imap.server.imap.computec.ch.namespace.personal",
"\"INBOX.\"");
user_pref("mail.imap.server.imap.computec.ch.namespace.public",
"\"shared.\"");
user_pref("mail.imap.server.imap.computec.ch.offline_download", false);
user_pref("mail.imap.server.imap.computec.ch.override_namespaces",
true);
user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
user_pref("mail.imap.server.imap.computec.ch.remember_password", true);
user_pref("mail.imap.server.imap.computec.ch.server_sub_directory", "");
user_pref("mail.imap.server.imap.computec.ch.userName", "mruef");
user_pref("mail.imap.server.imap.computec.ch.using_subscription", true);
-- cut ---
This is also true for POP3 and perhaps for SMTP, NNTP and LDAP
passwords. The passwords are only stored if the remember password option
is set (e.g. line 18).
It may be possible to extract these passwords during a sneaking access
to the system (local or remote by a backdoor)[1, 2] or examine a backup.
This weakness should be keeped in mind.
I'm not sure if this vulnerability exists in other Netscape versions
(e.g. 6 or 7).
Bye, Marc
[1] http://www.idefense.com/advisory/11.19.02c.txt
[2] http://www.securityfocus.com/bid/6215
--
Computer, Technik und Security http://www.computec.ch/
Meine private Webseite http://www.computec.ch/mruef/
[ reply ]