Bugtraq mailing list archives

Re: Communicator 4.5 stores EVERY mail-password in preferences.js

From: hdmoore () USA NET (HD Moore)
Date: Wed, 4 Nov 1998 17:20:27 -0600


In the Windows environment prefs.js isnt the only place that your password
is stored.  Netscape also creates a registry entry for your password
(garbled as well) that any admin on your local LAN (or some cracker over the
internet) can read by remotely connecting to your registry.  The path it is
stored in is:

HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\biff\users\<profile
name>\servers\<mail  server hostname>\password

This is with the 'dont save password option' checked on 4.5 (netscape.exe
internal version: 4.50.2.19)

By any chance does anyone know how the password is encrypted or how strong
of encryption is used?

I also managed to copy that registry entry onto a separate computer (while
messenger was already open and I had checked my mail once), changed the
hostname of the mail server entry to match and successfully retrieved mail
with that account while sniffing the plain text pop3 pass over my dialup...

Current thread:

Communicator 4.5 stores EVERY mail-password in preferences.js Holger van Lengerich (Nov 04)
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js Pierre Belanger (Nov 05)
- <Possible follow-ups>
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js HD Moore (Nov 04)
- Re: Communicator 4.5 stores EVERY mail-password in preferences.js HD Moore (Nov 04)