Date: Thu, 8 Apr 1999 18:33:06 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Foxfair Hu <foxfair@news.ks.edu.tw> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Fw: Netscape 4.5 vulnerability Message-ID: <199904090133.SAA16835@apollo.backplane.com> References: <370D516D2EE.C14EFOXFAIR@news.ks.edu.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
:Forwarded by Foxfair Hu <foxfair@news.ks.edu.tw>
:---------------- Original message follows ----------------
: From: Alexey Pavlov <paaa@UIC.NNOV.RU>
: To: BUGTRAQ@netspace.org
: Date: Thu, 8 Apr 1999 21:12:27 +0400
: Subject: Netscape 4.5 vulnerability
:--
:
:I found method how to get users passwords from Netscape 4.5 for FreeBSD
: ~user/.netscape/liprefs.js file. This file is used for storing user
:last
:session preferences .This file also contains encrypted password for
:pop3.
:Not like a DES , this encryption can be decrypted. As a result of many
:experiments i wrote this program. It gives me almost all passwords in my
: system, because all people use Netscape.
:Here is src of this decryption programm:
The 'security hole' is that netscape doesn't make the .netscape
directory 700. I'd report it to netscape. I dunno whether they
will do anything about it, though.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904090133.SAA16835>