Re: Netscape Communicator 4.x sensitive informations in configuration file

From: mstoltz@netscape.com
Date: 03/04/03

  • Next message: David Kennedy CISSP: "Re: BIND 9.2.2 Vulnerabilities?"
    Date: 4 Mar 2003 19:21:00 -0000
    From: <mstoltz@netscape.com>
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <3E5F651E.35B09C5D@computec.ch>

    >It seems that I'm one of the last Netscape 4.x users.
    >The following paste shows the IMAP mail part of this
    configuration file.
    >You can see that the line 17 shows the unencrypted
    password

    Netscape 4.x is out of date - we recommend that
    everyone upgrade to our latest version, Netscape 7.02.
    In versions 6.1 and later, when the user chooses to
    store a password, it is saved by default in
    Base64-encoded format, but not encrypted. The user can
    choose to encrypt all stored passwords with a "master
    password" which acts as the key for a strong encryption
    algorithm (3DES or AES, I think). To turn on the
    strong encryption, choose Preferences from the Edit
    menu. Open the "Privacy & Security" tab, click
    "Passwords," and check the box labeled "use encryption
    when storing sensitive data."
         -Mitch Stoltz
          Netscape Client Security & Privacy


  • Next message: David Kennedy CISSP: "Re: BIND 9.2.2 Vulnerabilities?"

    Relevant Pages

    • Re: 128 bit encryption
      ... >> Easy question for the participants of this forum. ... >> What is the lowestversion/level of IE explorer and Netscape ... >> Navigator that support 128 bit SSL encryption? ...
      (comp.security.misc)
    • Re: 128 bit encryption
      ... >> Easy question for the participants of this forum. ... >> What is the lowestversion/level of IE explorer and Netscape ... >> Navigator that support 128 bit SSL encryption? ...
      (comp.security.misc)
    • Re: 128 bit encryption
      ... > What is the lowestversion/level of IE explorer and Netscape ... This is not an easy question at all. ... Netscape and IE supported 128-bit encryption, ... IBM eServer Sales Technical Support ...
      (comp.security.misc)
    • Re: 128 bit encryption
      ... > What is the lowestversion/level of IE explorer and Netscape ... This is not an easy question at all. ... Netscape and IE supported 128-bit encryption, ... IBM eServer Sales Technical Support ...
      (comp.security.misc)
    • Re: Viewing SSL data before encryption
      ... netscape. ... > Vipin wrote: ... >> So it could do application level encryption. ...
      (microsoft.public.win32.programmer.networks)