Forgot your password?

+ - Safari Stores Previous Browsing Session Data Unencrypted->

Submitted by msm1267
msm1267 (2804139) writes "Users of Apple’s Safari browser are at risk for information loss because of a feature common to most browsers that restores previous sessions.

The problem with Safari is that it stores session information including authentication credentials used in previous HTTPS sessions in a plaintext XML file called a Property list, or plist, file. The plist files, a researcher with Kaspersky Lab’s Global Research and Analysis Team said, are stored in a hidden folder, but hiding them in plain sight isn’t much of a hurdle for a determined attacker.

“The complete authorized session on the site is saved in the plist file in full view despite the use of https,” said researcher Vyacheslav Zakorzhevsky on the Securelist blog. “The file itself is located in a hidden folder, but is available for anyone to read.”"

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Safari Stores Previous Browsing Session Data Unencrypted

Comments Filter:

Help me, I'm a prisoner in a Fortune cookie file!