BugTraq
Apple Safari on MacOSX may reveal user's saved passwords May 14 2007 01:50PM
poplix papusia org (1 replies)
RE: Apple Safari on MacOSX may reveal user's saved passwords May 14 2007 08:58PM
Lucas, Mark J. (mjlucas caltech edu) (1 replies)
If I'm reading this correctly, there has to be a malicious user at the
console of a logged in computer (or connected in some other
authenticated way). If I have a malicious user at my console logged in
as me, I've got more problems than web form passwords being revealed.

Am I reading this incorrectly?

> Apple Safari on Macosx may reveal user's saved passwords. A local user
with
> legitimate access to the system is able to steal keychained password
by injecting
> javascripts into a loaded webpage via applescript.
> It seems that safari fails to validate the source of injected code,
however apple
> belives this is the correct behaviour so no fixes will be made
available.

[ reply ]
Re: Apple Safari on MacOSX may reveal user's saved passwords May 16 2007 03:53PM
stephen joseph butler (stephen butler gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus