WebApp Sec mailing list archives

Re: unable to access web site embeds username & password

From: "Bill Curnow" <bill.curnow () pcca com>
Date: Mon, 21 Jun 2004 10:13:20 -0500

On 17 Jun 2004 at 21:31, OPTUSBYS wrote:

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password@webserver/website


Yup, February's "Cumulative Security Update for Internet Explorer 6 
(KB832894)", aka MS04-004, closed this hole (it was popular with 
phishers).

Does anyone have a solution to this because I still don't know which
security patch that inhibits the access.


It was never RFC-compliant so don't look for it to come back.

Current thread:

unable to access web site embeds username & password OPTUSBYS (Jun 21)
- Re: unable to access web site embeds username & password Bill Curnow (Jun 21)
- Re: unable to access web site embeds username & password Thomas Chiverton (Jun 21)
- Re: unable to access web site embeds username & password Ivo Mencke (Jun 21)
- Re: unable to access web site embeds username & password Keith W. McCammon (Jun 21)
- <Possible follow-ups>
- RE: unable to access web site embeds username & password Michael Howard (Jun 21)
- RE: unable to access web site embeds username & password Chris Thomas (Jun 21)
- RE: unable to access web site embeds username & password Noah Gray (Jun 21)
- RE: unable to access web site embeds username & password sk3tch (Jun 21)
- Re: unable to access web site embeds username & password Kevin R. Babcock (Jun 22)
- RE: unable to access web site embeds username & password Michael Silk (Jun 24)
- RE: unable to access web site embeds username & password Noah Gray (Jun 24)

(Thread continues...)