Bugtraq mailing list archives

IE and cached passwords


From: JKing () GFPGROUP COM (Justin King)
Date: Thu, 19 Aug 1999 11:58:02 -0400


In Internet Explorer (v5/nt,v4/nt,v5/win98), when I go to a website (say,
www.company.com), and it requests authorization (via basic authentication),
and I enter it, I am able to browse the rest of the site without reentering
my password on each page. This is fine. However, if I go to another website
on the same machine, but a different port (say, www.company.com:81), my
authentication information is still sent.

This seems to me to be a security flaw with the browser. The potential for
abuse doesn't really seem very high, but I do think it's there.
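
Added example, not part of the original post: a minimal Basic-auth credential cache showing how a host-only cache key produces the behaviour reported above, next to a key scoped to scheme, host, port and realm (the protection space in RFC 7235). The class and function names, the realm and the credentials are constructed for illustration.

```javascript
// Two credential caches that differ only in how the cache key is built.
// All hostnames, realms and credentials here are constructed sample values.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Key that ignores the port: every port on the host shares one entry.
function hostOnlyKey(url) {
  return new URL(url).hostname; // WHATWG URL already lowercases the host
}

// Key scoped to scheme + host + port + realm (RFC 7235 protection space).
function protectionSpaceKey(url, realm) {
  const u = new URL(url);
  // u.port is "" when the URL uses the scheme's default port.
  const port = u.port || DEFAULT_PORTS[u.protocol];
  return `${u.protocol}//${u.hostname}:${port}|${realm}`;
}

class CredentialCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map();
  }
  remember(url, realm, user, password) {
    const header = "Basic " + btoa(`${user}:${password}`);
    this.store.set(this.keyFn(url, realm), header);
  }
  // Authorization header value to send for this URL, or null if none cached.
  // realm is the value from the server's WWW-Authenticate challenge.
  headerFor(url, realm) {
    return this.store.get(this.keyFn(url, realm)) ?? null;
  }
}

// Log in once on port 80, then ask each cache what it would send elsewhere.
function demo() {
  const weak = new CredentialCache(hostOnlyKey);
  const scoped = new CredentialCache(protectionSpaceKey);
  for (const cache of [weak, scoped]) {
    cache.remember("http://www.company.com/", "intranet", "alice", "s3cret");
  }
  return {
    weakPort81: weak.headerFor("http://www.company.com:81/", "intranet"),
    scopedPort81: scoped.headerFor("http://www.company.com:81/", "intranet"),
    scopedPort80: scoped.headerFor("http://www.company.com:80/page", "intranet"),
  };
}
```

With the host-only key the header stored for port 80 is returned for port 81 as well; with the scoped key the port 81 lookup returns null, so the browser would wait for a fresh challenge from that server.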

