Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Mac Netscape password fields
From: CDE Francis <fuy () jhu edu>
Date: Mon, 26 Nov 2001 09:58:25 -0500

At 10:27 AM -0600 2001/11/21, behr () math niu edu wrote:
I apologize if this is well known, but the thread about IE password
inputs reminded me of a somewhat more serious problem in Netscape for
MacOS (v. 4.77, and at least some earlier ones):

A few fast Google searches did not reveal any highly ranked pages
 that discuss this problem, therefore it isn't "well known".

  access a page with <input type="password" ...>
  type something in that field
The "secret" string prints in clear text.

I just downloaded a fresh copy of the latest Communicator (v4.79)
 and it still exhibits this security flaw. I wonder what the point
 of 4.79 is, if it doesn't fix bugs like this?

Francis Uy, Web Coordinator http://www.cty.jhu.edu/cde/ 410-516-0162

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]