Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE5 ACL protected pages viewable from cache by unauthorized user

From: davids () WEBMASTER COM (David Schwartz)
Date: Mon, 16 Aug 1999 18:53:42 -0700

        There's really no response to give. If you care about this, clear your
cache.

        You found a clever way in, cancel/back/forward, but it's irrelevant. A user
could simply open the page directly out of the cache. Or a user could mail
the contents of the cache out.

        You say you tested this with NT clients, but I assume you tested from the
same user account, otherwise this should not be possible. With Windows 98,
this is expected. Windows 98 is not a multiuser operating system as is not
designed to protect local files from other users.

        Bottom line, you cannot protect data on your hard drive from people with
physical access to it. Don't walk away from a computer that has sensitive
data on it if anyone who shouldn't be reading that data has physical access
to the computer. C'mon, that should be common sense by now.

        DS



Running IIS4 on NT4 (SP5) server.  Several web pages have
permissions assigned with NT ACL (both NT Challege/Response
and Basic Authentication).  Discovered that protected pages
can be viewed by unauthorized user (presumably from cache)
if authorized user previously accessed pages from same
computer client.  This happens even after the browser has
been completely closed and then reopened.  An unauthorized
user accesses the page by hitting the page link.  This
brings up the pop-up logon window.  Hit cancel.  User gets
a 401 screen.  Hit the back button.  Hit the forward
button.  Viola . . . the user without credentials has
access to the protected content.  I've tested this behavior
on NT4 WS, Win98 and Win2000 clients with the same
results.  Posts at the MS newsgroups yielded little
response.
Previous By Date Next
Previous By Thread Next

Current thread: