Re[2]: SECURITY ALERT: Password protection bug in Netscape 2

• To: hickey@ctron.com, lstein@genome.wi.mit.edu, Jeff Treuhaft <jeff@netscape.com>
• Subject: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
• From: T.Denkinger@ccmail.mi04.zds.com (Troy Denkinger)
• Date: Tue, 19 Dec 1995 10:18:48 -0500
• Cc: www-security@ns2.rutgers.edu, dave.mccomb@gs.com, jcarroll@redman.canada.dg.com, tara@linkage.cpmc.columbia.edu

>Let me first clarify that Netscape Navigator does not save the passwords 
>used to access a protected document in any hidden files.

>Second the problem you have noticed is indeed a bug in the 2.0 beta 
>versions of Netscape Navigator. 

This may be a bug in NS2.0 betas, but it seems to actually be a "feature" in the
Microsoft Internet Explorer for Win95.  Authentication information is actually 
saved onto the hard drive, it appears.

For instance, I have a secure area on our server.  I haven't logged into that 
area for weeks.  I just went there and a dialog pops up with the username and 
password all neatly typed in.  At least the password was *ed out.  Furthermore, 
there's a checkbox with the option to "Save This Password In Your Password 
List."

There's some security for ya.  This is with the current version of the MS 
Internet Explorer available from MS's web site.

Troy Denkinger

• Previous: Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
• Next: RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
• Index(es):
  • Index
  • Thread