Bugtraq: Re: Cleartext Password display in NS Communicator

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Cleartext Password display in NS Communicator

From: holger () TLNET DE (Holger Kanzog)
Date: Wed, 2 Jul 1997 19:55:52 +0200


On Wed, 2 Jul 1997, Fred Albrecht wrote:

The following has been tested with Netscape Communicator 4.0 on NT 4 and
4.0b4 on Linux with the same results :


[..]

The password is now plainly visible in the URL field :
    « ftp://user:passwd () host »


Appendix to my previous message:

It happens only when connecting over proxy Squid (1.1.10) and it appears
also in Squid's access.log.

Holger

PGP-public-key: http://www.tlnet.de/holger.asc
PGP-fingerprint: 2A AE 66 7B 25 C6 0E 21  5A C5 42 E4 A0 53 59 DD

By Date By Thread

Current thread:

Cleartext Password display in NS Communicator Fred Albrecht (Jul 02)
- Re: Cleartext Password display in NS Communicator Holger Kanzog (Jul 02)
  - Re: Cleartext Password display in NS Communicator Fred Albrecht (Jul 02)
    - Re: Cleartext Password display in NS Communicator Oskar Pearson (Jul 03)
  - BugTraq Web Archive Aleph One (Jul 02)
  - gcc port of IIServerSlayer Andrea Arcangeli (Jul 02)
  - Solaris 2.5 syslog startup failure Lauren P. Burka (Jul 02)