Problem:
The plaintext password for a machine accessed through FTP is
displayed by Communicator in some cases:
Method for reproduction
1. start NS Communicator
2. enter a URL of the form « ftp://user@host »
3. fill in the password in the box that Communicator pops up
4. when the file list is displayed, follow the « Parent Directory » link
5. click « back » (seems to be optional in Linux)
The password is now plainly visible in the URL field:
« ftp://user:passwd@host »
This is, of course, a bad thing, especially since JavaScript programs can
access the history list. I haven't had time to experiment with
JavaScript regarding this, but I'm certain someone will :)
This has interesting potential.
Netscape has been notified of the problem.
Fred.
-- ----------------------------------------------------------
DotCom - Communication Numérique
http://www.dotcom.fr mailto:info@dotcom.fr +33 01 46 67 51 00
"We use only the freshest handpicked electrons"
----------------------------------------------------------
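
Added example, not part of the original post and not Netscape's code: one way a client or log pipeline can strip the password from URLs of the form « ftp://user:passwd@host » before they are displayed or stored. The function names and the sample history list are assumptions constructed for illustration.

```javascript
// Added example: find and redact passwords embedded in URL userinfo.
// Function names and sample data are hypothetical, not from the post.

// Textual fallback for strings the URL parser rejects:
// scheme://user:secret@rest  ->  scheme://user@rest
const USERINFO_RE = /^([a-z][a-z0-9+.-]*:\/\/[^\/?#@:]*):[^\/?#@]*@/i;

// Returns { hadPassword, safe } where `safe` never contains the password.
function redactUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    // Unparseable entry: still redact anything shaped like user:pass@
    if (USERINFO_RE.test(raw)) {
      return { hadPassword: true, safe: raw.replace(USERINFO_RE, "$1@") };
    }
    return { hadPassword: false, safe: raw };
  }
  if (url.password === "") {
    return { hadPassword: false, safe: raw };
  }
  url.password = ""; // keeps the user name, drops only the secret
  return { hadPassword: true, safe: url.href };
}

// Walks a list of history/URL-bar entries; reports which ones carried a
// password and returns a copy that is safe to show or log.
function auditHistory(entries) {
  const findings = [];
  const safeEntries = entries.map((raw, index) => {
    const { hadPassword, safe } = redactUrl(raw);
    if (hadPassword) findings.push({ index, safe });
    return safe;
  });
  return { findings, safeEntries };
}

// Constructed history list mirroring the reproduction steps above.
const sampleHistory = [
  "ftp://user@host/",
  "ftp://user:passwd@host/",
  "ftp://user:passwd@host/pub/",
  "http://www.example.com/",
];
```

Redaction at display or logging time does not remove the password from wherever it was first recorded; it only keeps it out of the URL field, history views and logs that consume the cleaned value.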