Vulnerability

    NeoPlanet

Affected

    Those running NeoPlanet browser

Description

    James  J.  Capone  found  following.   Per  viewing  the Directory
    structure of the NeoPlanet browser, James found that it caches and
    saves all the email you send and or reply and or receive, in plain
    text on the harddrive.  It  saves the email in a directory  called
    _tempe  it  is  a  Subdirectory  in the NeoPlanets Main directory.
    Each email you  send, respond to,  or receive is  easily read from
    any computer in any  text editor  I.E. Notepad  or Word Pad.  Each
    email saved as a Numbered text file.  Example:

        0001.txt
        0002.txt
        0003.txt etc...

    This email contains all the information in it.  The entire  header
    of the email, text, the To: CC:  Subject and From.  So if you  get
    email with sensitive information  in it, like passwords  and more,
    it can be  read in any  area. Also if  someone creates an  exploit
    that sees  the name  of the  browser as  being "NEOPLANET" then it
    can attempt  to DL  all the  .txt file  in this  directory into  a
    private server  to be  read later.   This is  only noticed  in the
    Version 5.0 of Neo  Planet.  Also if  you are on a  network with a
    shared drive, the World Per-Say could read all of your emails.

Solution

    Unknown as of now, The only thing I can think of is to maybe do  a
    read-only  on  the  directory.  This  is  also bad for people on a
    Network/ Intranet with shared Public access to their computers.