Bugtraq mailing list archives
RE: FTP "Network Place" with saved password will reveal cached pa ssword
From: "jones, gerald" <jones_gerald () emc com>
Date: Fri, 14 Dec 2001 16:10:57 -0500
I just tried this using a Windows 2000 Professional as a client and a Windows 2000 Server running IIS 5.0. TFor an FTP Network Place, the password was displayed in the address bar after adding the first "../", whether the password was saved or not. The ftp (IE) window changed to "This page cannot be displayed", as expected (not allowed to go above ftp root). Gerry Jones -----Original Message----- From: Aaron Heck [mailto:AHeck () ouc bc ca] Sent: Friday, December 14, 2001 1:46 PM To: bugtraq () securityfocus com Subject: FTP "Network Place" with saved password will reveal cached password Summary: When a "Network Place" has been added to "My Network Places" with a saved username and password it is possible to get Explorer to display the password in cleartext format by altering the path in the address bar. <snip> Aaron Heck Instructional Microcomputer Resource Coordinator Okanagan University College aheck () ouc bc ca
Current thread:
- RE: FTP "Network Place" with saved password will reveal cached pa ssword jones, gerald (Dec 15)