Tested here (on 6.06 / HKSI Classic web templates): - When I log in normally, I get a blank popup window. - when I log in with the "Check here if this is your private computer and you want to use cookies to store your log-in information", I get a popup "userkey=some big long encrypted garbage line of text"
Saw nothing that showed plain text username/password. Same results in both IE6 and Netscape 4.78 - Tony >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Ms Carlsson >Sent: Thursday, July 25, 2002 6:02 AM >To: [EMAIL PROTECTED] >Subject: [IMail Forum] Bug and SECURITY issue on Imail7 (Webmail) > > >When logged on the webmail try to type > >javascript:alert(document.cookie) > >in the adress field. > >It shows your username and password IN PLAIN TEXT. > >Very very bad. > > >_________________________________________________________________ >MSN Hotmail är världens populäraste e-posttjänst. Skaffa dig ett >eget konto >du också: http://www.hotmail.com > > >Please visit http://www.ipswitch.com/support/mailing-lists.html >to be removed from this list. > >An Archive of this list is available at: >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > >Please visit the Knowledge Base for answers to frequently asked >questions: http://www.ipswitch.com/support/IMail/ >--- >[This E-mail was scanned for viruses by http://www.intouchmi.com] > > --- [This E-mail was scanned for viruses by http://www.intouchmi.com] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
