COMMAND

    netscape

SYSTEMS AFFECTED

    Win 9x, NT

PROBLEM

    Protecting against Administrators is not easily done with NT.  You
    must trust  your Administrators.   However, this  particular piece
    of  information  pertains  to  the possibility that Administrators
    might  easily  obtain  information  regarding  your  passwords  to
    off-site POP3  accounts.   This might  not be  widely expected, or
    known.  Following was found by Alexandre Viale.

    So,  Administrators  on  an  NT  box  (W95/W98  too?)  may  access
    mailboxes  used   by  people   using  Netscape   Communicator/Mail
    notification v4.x, without password.

        When using Netscape  Messenger, even if  you do NOT  check the
        "remember password" configuration box, Communicator 4.5  (this
        version  only)  always  saves  your  password  in registry for
        potential use by Netscape Mail Notification.

        If you  use Netscape  Mail Notification,  with any  version of
        Netscape, the password is asked  once then saved, in the  same
        place:

        HKCU\Software\Netcape\Netscape Navigator\biff\Users\<user>\Servers\<server>

        with Administrators:Full rights

    Passwords  are  encoded,  but  any  administrator  may  read it in
    registry  and  copy  it  into  another computer, run Netscape Mail
    Notification 4.5,  and double  click on  the tray  icon to  access
    users' mailboxes on any distant server.

SOLUTION

    As this appears to be case with 4.5, do downgrade/upgrade.