Penetration Testing mailing list archives
Re: MS IE User's Authentication Details (userid/password) Sharing Issue
From: Paul Johnston <paul () westpoint ltd uk>
Date: Mon, 13 Dec 2004 14:56:01 +0000
Hi,It's the same deal for HTTP authentication. The "Remember my password" option only determines if it saves the password to disk. If you don't select it then it still keeps the password in memory. All the browsers are the same; this is just how HTTP authentication works.
Paul Debasis Mohanty wrote:
When IE is configured to access internet using proxy, the user's authentication details are cached locally without IE prompting the user. Even though the "save my password" option is not checked, the user's proxyauthentication details are cached locally without the user's knowledge.
-- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul () westpoint ltd uk web: www.westpoint.ltd.uk
Current thread:
- MS IE User's Authentication Details (userid/password) Sharing Issue Debasis Mohanty (Dec 12)
- Re: MS IE User's Authentication Details (userid/password) Sharing Issue Paul Johnston (Dec 13)