Bugtraq mailing list archives
Re: ALERT: Remote Retrieval Of Authentication Data From Internet Explorer
From: Justin King <JKing () GFPGROUP COM>
Date: Mon, 16 Oct 2000 13:30:20 -0400
At the core of this vulnerability is a "feature" I recall reporting to bugtraq over a year ago. See:

http://www.securityfocus.com/archive/1/24766

At that time the bugtraq community seemed to deny that there really was a vulnerability, though I believe someone from Microsoft mentioned they would suggest the IE team look into it. It's nice to see someone come up with a fairly convincing exploit.

-Justin

-----Original Message-----
From: Mitja Kolsek [mailto:mitja.kolsek () ACROS SI]
Sent: Friday, October 13, 2000 11:40 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: ALERT: Remote Retrieval Of Authentication Data From Internet Explorer

=========================================================================
ACROS Security Problem Report #2000-07-22-2-PUB
-------------------------------------------------------------------------
Remote Retrieval Of Authentication Data From Internet Explorer
=========================================================================
PUBLIC REPORT

Affected System(s): Internet Explorer used in web-based systems with HTTP Basic authentication
Problem: Usernames and passwords can be retrieved remotely from Internet Explorer
Severity: High
Solution: (see "Advisory" section)
Written: July 22, 2000
Last update: October 13, 2000
Published: October 13, 2000

SUMMARY
=======

Our team has analyzed how popular web browsers could be tricked to reveal the cached username:password pairs and discovered a way how this can be done by a remote attacker even when SSL is used to protect this data while in transfer over insecure channels like Internet. As a result, we have identified a weakness in Microsoft's Internet Explorer. However, it *should not* be assumed that only this product is affected but rather all vendors of web browsers are urged to review their products for the identified vulnerability.

Note: We have put quite an effort into notifying these other vendors. Unfortunately, we got very little response so we are unable to provide the status of their products in this report.

The purpose of this report is to describe a security problem in IE's handling of cached BASIC authentication data and also to provide a workable scenario for exploiting this, and similar, vulnerabilities.