It’s kind of sad that Firefox is so much more secure than Internet Explorer in so many ways, but the feature that saves passwords leaves access to your data wide open.

If you are an administrator or you have direct access to a Firefox user's PC, you can grab their passwords and transfer them over to your computer very easily. The file holding all the data is the SIGNONS.TXT file. This holds all saved usernames and passwords for each Firefox profile. You can find the file at:

C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\Profile Folder

The file is encrypted, but if you also take the KEY3.DB file from the same directory and put it on your computer, you can use the Firefox browser on your computer to access all of the sites of the hacked user. Just place the files in the same location (be sure to back up your copies first).

You can also view the passwords in Firefox at:
TOOLS -> OPTIONS -> PRIVACY and click on the VIEW SAVED PASSWORDS button. Then choose SHOW PASSWORDS.

Protect yourself from this vulnerability:

Set a master password on Firefox.
Always lock your screen.
Disable the Saved Passwords feature in Firefox.

This article applies to Mozilla Firefox 1.5x
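
For administrators who want to check the mitigations above across a machine, here is an added example (not part of the original article) that audits each profile folder for the two files named in the text and for whether password saving is turned off. It assumes the `signon.rememberSignons` preference in `prefs.js` is what the Saved Passwords option writes; the sample profile names and empty placeholder files are constructed, and the script cannot tell whether a master password is set.

```python
import re
import tempfile
from pathlib import Path

# Matches prefs.js lines such as: user_pref("signon.rememberSignons", false);
PREF_RE = re.compile(r'user_pref\("signon\.rememberSignons",\s*(true|false)\s*\);')

def audit_profile(profile: Path) -> dict:
    """Report which password files a profile holds and whether saving is enabled."""
    remember = True  # Firefox default when the preference is absent
    prefs = profile / "prefs.js"
    if prefs.is_file():
        match = PREF_RE.search(prefs.read_text(errors="replace"))
        if match:
            remember = match.group(1) == "true"
    # Compare names case-insensitively: the article writes SIGNONS.TXT / KEY3.DB.
    names = {p.name.lower() for p in profile.iterdir() if p.is_file()}
    has_signons = "signons.txt" in names
    has_key = "key3.db" in names
    return {
        "profile": profile.name,
        "signons_present": has_signons,
        "key_db_present": has_key,
        "saving_enabled": remember,
        # Both files together are what the article says can be copied and reused.
        "exposed": has_signons and has_key,
    }

def audit_profiles(profiles_root: Path) -> list:
    """Audit every profile folder under a Firefox 'Profiles' directory."""
    return [audit_profile(p) for p in sorted(profiles_root.iterdir()) if p.is_dir()]

def build_sample(root: Path) -> Path:
    """Constructed sample tree: empty placeholder files, no real credentials."""
    open_profile = root / "abcd1234.default"
    hardened = root / "efgh5678.locked"
    open_profile.mkdir(parents=True)
    hardened.mkdir(parents=True)
    (open_profile / "signons.txt").write_text("")
    (open_profile / "key3.db").write_bytes(b"")
    (open_profile / "prefs.js").write_text('user_pref("browser.startup.page", 1);\n')
    (hardened / "key3.db").write_bytes(b"")
    (hardened / "prefs.js").write_text('user_pref("signon.rememberSignons", false);\n')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_profiles(build_sample(Path(tmp) / "Profiles")):
            print(row)
```

Point `audit_profiles` at a real `Profiles` directory to list profiles where both files are present and saving is still enabled; those are the ones to follow up on with a master password or by disabling the feature.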

2 Comments so far »

  1. by Id3ntity-Unkn0wn AKA TURKISH_OG, on February 6 2008 @ 12:50 pm

     

    Thanks bro, my Firefox was corrupted, but with this I managed to decrypt my passwords and keep them… thank you.

  2. by just pointing it out ..., on November 27 2008 @ 3:37 pm

     

    Uhm … if you have access to a PC, you basically “own” it anyway. You shouldn’t be handling private data on a computer other people have access to, anyway. IMHO this is not a security problem and not even sad!
