Netscape Communicator preference file found to be wide open.
6 Nov. 1998
Summary
Netscape Communicator uses a file called 'preferences.js' (under Windows the file is called 'prefs.js'), which stores the user's settings in plain text for anyone to read, the password it self seems to be "encrypted" by a weak encryption algorithm. Even more, if you disable the "remember password" feature, the password is still saved.
Netscape Communicator 4.5 on MSWindows based machines and UNIX machine keeps a file for saving the preferences of the user, in most cases the file isn't protected by a correct set of file permissions (on UNIX machines) such as world readable or group readable.
And on MSWindows machine, the password settings are stored under: "HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\biff\users\\servers\\password" meaning anyone with access to the registry (even from remote) can reuse the password and find it out using a simple network sniffer while it is being sent in clear text.
