IE and cached passwords

From: Justin King (JKingat_private)
Date: Thu Aug 19 1999 - 08:58:02 PDT

Next message: Max Vision: "Re: FW: DCOM attack against NT using VB6"

Previous message: Valentin: "ftp.exe overflow..."
Next in thread: Paul Leach (Exchange): "Re: IE and cached passwords"
Reply: Paul Leach (Exchange): "Re: IE and cached passwords"
Reply: Peter W: "Re: IE and cached passwords"
Reply: Aleph One: "Re: IE and cached passwords"
Reply: Paul Leach (Exchange): "Re: IE and cached passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In Internet Explorer (v5/nt,v4/nt,v5/win98), when I go to a website (say,
www.company.com), and it requests authorization (via basic authentication),
and I enter it, I am able to browse the rest of the site without reentering
my password on each page. This is fine. However, if I go to another website
on the same machine, but a different port (say, www.company.com:81), my
authentication information is still sent.

This seem to me to be a security flaw with the browser. The potential for
abuse doesn't really seem very high, but I do think it's there.

Next message: Max Vision: "Re: FW: DCOM attack against NT using VB6"
Previous message: Valentin: "ftp.exe overflow..."
Next in thread: Paul Leach (Exchange): "Re: IE and cached passwords"
Reply: Paul Leach (Exchange): "Re: IE and cached passwords"
Reply: Peter W: "Re: IE and cached passwords"
Reply: Aleph One: "Re: IE and cached passwords"
Reply: Paul Leach (Exchange): "Re: IE and cached passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:31 PDT