OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: netscape POP3 passwd and mails prefs
From: Alexandre Da Fonseca (adafonsecaHERALD-COM.FR)
Date: Wed Apr 19 2000 - 09:49:07 CDT

This issue has been reported several times on bugtraq.
Your password is : vedp1rcs
BTW I put a a password decoder for netscape and other email programs on my
site if you feel like testing it : http://www.deepquest.pf/epd.htm
        Finally I hope that the password is not your...If that's the
password of the email account you posted you'd better change it asap.Because
if we take a look at the source of your post it could help "malicious"
people" to get your mails...

> Alexandre Da Fonseca aka deepquest
> Ubi solitudinem faciunt pacem appellant
> Chief of Technology Officer
> Herald Communications
> 73, bd Haussmann - 75008 Paris
> Tel. 33 1 47 42 63 63 - Fax. 33 1 42 66 39 59
> visit us at www.herald-pr.com
>
>
> ----------
> De : Simon
> Répondre à : Discussion regarding Windows-related security
> vulnerabilities and risks.
> Date : mercredi 19 avril 2000 12:03
> A : win2ksecadviceLISTSERV.NTSECURITY.NET
> Objet : netscape POP3 passwd and mails prefs
>
> Ok, I just wanted to point out a few stuff that probably everybody knows
> already, but which are of importance, so in case you didn't know, it
> might be of great help.
>
> I browsed the netscape preferences for my user and discovered a few
> interesting files, first of all
>
> liprefs.js
>
> ok, so, it's basically every preference for your user, anything, from
> background color to all the mime types. Anyway, let's get to the
> interesting security things, ok, so, I hope you are aware that your mail
> login is in cleartext look at this property :
>
> ("mail.pop_name", "myloginstandshere")
>
> just after that, whe got
>
> "mail.pop_password", "IKyLOqrMOTE=")
>
> which is your password, ENCODED, ouch, I feared the worst.
> Anyway, I just believe that having the login in clear is a real treat,
> and even if I don't know what encrypt. they use or how to decrypt it, I
> would be very interested if anybody knows how to decrypt this.
>
> One beer for the one who tell me my password.
>
> Ok, let's move to the even worse thing : In your user prefs, there's a
> mail folder, and in it, there's a text file for every mailfolder you
> created in netscape (inbox, sent....) well, let me tell you that, for
> some reason, netscape doesn't erase the mails, my file inbox file was
> 80megs big for only 20 msg in it, huhuh, I opened it, and, after a long
> wait (try to open a 80 meg text file on a 133mhz !) I discovered all the
> mails I had received for years, they were in clear text.
>
> Ok, now, could it be true that netscape engineers are weenies ?
>
>
> Sim
>
> PS tests made on mac, but win 9x is very probably the same. netscape
> 4.7, netscape 4.x is probably the same. Sorry but I had no windoze
> around this place.
>
> _____________________________________________________________________
> ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
> ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
> SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
>
>

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net