SecureMac, Inc.

Netscape Navigator for MacOS Security Issue

Posted on June 2, 2001

Issue:

Netscape Navigator/Communicator stores passwords in plain text
remote: no
local: yes
published: September 12, 2000
vulnerable:
Netscape Navigator/Communicator 4.x (and all versions?)

Security Issue:

There have been many security advisories about cookie security, but since Mac security is often very different from that of other operating systems, this is worth mentioning.

The problem is in fact very simple: Netscape stores saved passwords as cookies in a file called MagicCookie, which can be found in the Netscape user folder (a different one for each user created) in the Preferences folder of the System Folder (System Folder: Preferences: Netscape: Netscape users: Username). The file might be present somewhere else on the disk; just search for its name.

The cookies found in the file contain passwords, private information, IDs, etc., all in plain text, making it very easy for a malicious user to quickly read them or to sniff the passwords if sent over a network.

Fix

A good idea would be not to use the ‘save password’ feature that a lot of websites such as Hotmail offer, so that the password is not stored as a cookie. Until Netscape finds a better way to store those passwords…
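One way to check which sites have already left credential-like cookies in your own MagicCookie file, as an added example that is not part of the original advisory. It assumes the file uses the same tab-separated seven-field layout as Netscape's cookies.txt; the name heuristic, the function name and the sample lines are constructed for illustration.

```python
import re
import sys

# Heuristic for cookie names that suggest a saved credential (assumption of this example).
SENSITIVE = re.compile(r"pass|pwd|login|auth|sess|token", re.I)

# Constructed sample, assuming the tab-separated Netscape cookie-file layout:
# domain, subdomain flag, path, secure flag, expiry, name, value
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    "mail.example.com\tFALSE\t/\tFALSE\t978307200\tpassword\thunter2\n"
    "shop.example.com\tFALSE\t/\tTRUE\t978307200\tsessionid\tabc123\n"
    "news.example.com\tFALSE\t/\tFALSE\t978307200\tfontsize\tlarge\n"
    "a damaged line with no tabs\n"
)


def audit_cookies(text):
    """Return one finding per cookie whose name looks like a stored credential."""
    findings = []
    # splitlines() also handles the CR-only line endings of classic Mac OS files.
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or header comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed record, skip rather than guess
        domain, _flag, _path, secure, _expiry, name, value = fields
        if SENSITIVE.search(name):
            findings.append({
                "line": lineno,
                "domain": domain,
                "name": name,
                "value_length": len(value),  # report length only, never the secret
                "sent_in_clear": secure.upper() != "TRUE",
            })
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to your own MagicCookie file; mac_roman is the classic Mac OS encoding.
        with open(sys.argv[1], encoding="mac_roman") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for f in audit_cookies(data):
        print(f)
```

Any cookie it reports should be treated as an exposed credential: delete the cookie, change that password on the site, and leave the site's ‘save password’ option off.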
