Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MS IE Password inputs
From: "Cody Smith" <smithcc () uclink4 berkeley edu>
Date: Wed, 21 Nov 2001 02:34:02 -0800

Worse than this is a gaping hole in Windows versions of Opera 5 and 6.  I
haven't tested earlier versions, but they could easily be vulnerable.

In Opera, passwords boxes can be read externally, by other processes.
ShoWin (~ 23 kb) is one such app which will divulge the contents of most
password boxes in Windows.

In IE and Netscape, ShoWin selects the entire document being viewed, rather
than any individual elements, so it can't read passwords.  However, in
Opera, ShoWin will report the contents of individual form elements,
including password boxes.  Simply position the crosshairs over the password
field and ShoWin displays the password in the 'Title' box.

Also, Opera will remember the status of form elements, including passwords,
when moving back and forward, so passwords are highly vulnerable throughout
the life of the document window.  I was able to log into Hotmail with the
'Public/shared computer' option, check mail, send mail, logout, and then go
all the way back and read my own password.

Cody Smith

----- Original Message -----
From: "Mattie Casper" <mattie () mattie net>
To: "Jon Embury" <jon.embury () f1solutions com au>;
<bugtraq () securityfocus com>
Sent: Tuesday, November 20, 2001 10:25 PM
Subject: Re: MS IE Password inputs


Very interesting find, and I can confirm the same thing happens in
IE6.

I can reproduce it by placing the cursor at the beginning of a
password typed-in like "1234 56789 0ABCDE FGHIJK" and then use
CTRL+RIGHTARROW to move through the asterisks just as if the spaces
were there. (CTRL+RIGHTARROW in some applications like IE will move
you to the next 'word' in a textbox.)

This can come in handy when I typo part of a password and don't want
to retype it all, but this does have some slight security
implications.
-Mattie!

Mattie Casper
http://me.mattie.net

----- Original Message -----
From: "Jon Embury" <jon.embury () f1solutions com au>
To: <bugtraq () securityfocus com>
Sent: Tuesday, November 20, 2001 3:28 PM
Subject: MS IE Password inputs


Just something I've noticed on IE 4 & 5.5

If you enter a password that contains a mix of non-alphabetic and
alphabetic
characters to an MS IE password input and then use the keyboard to
select it
while holding down tab the cursor / selected region jumps between
the
non-alphabetic characters in exactly the same manner as it does when
you
apply the same technique in word, Interdev, vb etc.

It doesn't reveal the password, but it would seem to reveal at least
some of
the structure.

Eg

1 2 3 4 5


Jon Embury
Developer, F1 Solutions
www.f1solutions.com.au





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]