SecurityTracker.com
Category:   Application (Web Browser)  >   Opera
Vendors:   Opera Software
Opera Web Browser May Disclose Passwords Typed into an HTML Form to Local Users
SecurityTracker Alert ID:  1002797
SecurityTracker URL:  http://securitytracker.com/id/1002797
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 22 2001
Impact:   Disclosure of authentication information

Version(s): Windows versions of Opera 5 and 6, other releases possibly affected.
Description:   A password disclosure vulnerability was reported in the Opera web browser. A local user (or process) can obtain passwords typed in via an HTML form.

It is reported that password boxes can be read by a local user. For example, the ShoWin application can be used to view the contents of individual form elements, including password boxes.

Because Opera retains the status of form elements when moving forward and back through successive pages, the contents of passwords that were previously typed can be viewed.

Impact:   A local user may be able to obtain passwords that were typed in HTML forms on an Opera browser.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.opera.com/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Re: MS IE Password inputs


Worse than this is a gaping hole in Windows versions of Opera 5 and 6.  I
haven't tested earlier versions, but they could easily be vulnerable.

In Opera, password boxes can be read externally, by other processes.
ShoWin (~ 23 kb) is one such app which will divulge the contents of most
password boxes in Windows.

In IE and Netscape, ShoWin selects the entire document being viewed, rather
than any individual elements, so it can't read passwords.  However, in
Opera, ShoWin will report the contents of individual form elements,
including password boxes.  Simply position the crosshairs over the password
field and ShoWin displays the password in the 'Title' box.

Also, Opera will remember the status of form elements, including passwords,
when moving back and forward, so passwords are highly vulnerable throughout
the life of the document window.  I was able to log into Hotmail with the
'Public/shared computer' option, check mail, send mail, logout, and then go
all the way back and read my own password.

Cody Smith

----- Original Message -----
From: "Mattie Casper" <mattie@mattie.net>
To: "Jon Embury" <jon.embury@f1solutions.com.au>;
<bugtraq@securityfocus.com>
Sent: Tuesday, November 20, 2001 10:25 PM
Subject: Re: MS IE Password inputs


> Very interesting find, and I can confirm the same thing happens in
> IE6.
>
> I can reproduce it by placing the cursor at the beginning of a
> password typed-in like "1234 56789 0ABCDE FGHIJK" and then use
> CTRL+RIGHTARROW to move through the asterisks just as if the spaces
> were there. (CTRL+RIGHTARROW in some applications like IE will move
> you to the next 'word' in a textbox.)
>
> This can come in handy when I typo part of a password and don't want
> to retype it all, but this does have some slight security
> implications.
> -Mattie!
>
> Mattie Casper
> http://me.mattie.net
>
> ----- Original Message -----
> From: "Jon Embury" <jon.embury@f1solutions.com.au>
> To: <bugtraq@securityfocus.com>
> Sent: Tuesday, November 20, 2001 3:28 PM
> Subject: MS IE Password inputs
>
>
> > Just something I've noticed on IE 4 & 5.5
> >
> > If you enter a password that contains a mix of non-alphabetic and alphabetic
> > characters to an MS IE password input and then use the keyboard to select it
> > while holding down tab the cursor / selected region jumps between the
> > non-alphabetic characters in exactly the same manner as it does when you
> > apply the same technique in word, Interdev, vb etc.
> >
> > It doesn't reveal the password, but it would seem to reveal at least some of
> > the structure.
> >
> > Eg
> >
> > 1 2 3 4 5
> >
> >
> > Jon Embury
> > Developer, F1 Solutions
> > www.f1solutions.com.au
> >
> >
>

 
 

