Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Netscape Communicator 4.x sensitive informations in configuration file
From: <mstoltz () netscape com>
Date: 4 Mar 2003 19:21:00 -0000

In-Reply-To: <3E5F651E.35B09C5D () computec ch>

It seems that I'm one of the last Netscape 4.x users. 
The following paste shows the IMAP mail part of this
configuration file.
You can see that the line 17 shows the unencrypted
password

Netscape 4.x is out of date - we recommend that
everyone upgrade to our latest version, Netscape 7.02.
In versions 6.1 and later, when the user chooses to
store a password, it is saved by default in
Base64-encoded format, but not encrypted. The user can
choose to encrypt all stored passwords with a "master
password" which acts as the key for a strong encryption
algorithm (3DES or AES, I think).    To turn on the
strong encryption, choose Preferences from the Edit
menu. Open the "Privacy & Security" tab, click
"Passwords," and check the box labeled "use encryption
when storing sensitive data."
     -Mitch Stoltz
      Netscape Client Security & Privacy


  By Date           By Thread  

Current thread:
  • Re: Netscape Communicator 4.x sensitive informations in configuration file mstoltz (Mar 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]