Penetration Testing: Re: MS IE User's Authentication Details (userid/password) Sharing Issue

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: MS IE User's Authentication Details (userid/password) Sharing Issue

From: Paul Johnston <paul () westpoint ltd uk>
Date: Mon, 13 Dec 2004 14:56:01 +0000

Hi,

It's the same deal for HTTP authentication. The "Remember my password"option only determines if it saves the password to disk. If you don'tselect it then it still keeps the password in memory. All the browsersare the same; this is just how HTTP authentication works.


Paul


Debasis Mohanty wrote:

When IE is configured to access internet using proxy, the user's
authentication details are cached locally without IE prompting the user.
Even though the "save my password" option is not checked, the user's proxy

authentication details are cached locally without the user's knowledge.

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

By Date By Thread

Current thread:

MS IE User's Authentication Details (userid/password) Sharing Issue Debasis Mohanty (Dec 12)
- Re: MS IE User's Authentication Details (userid/password) Sharing Issue Paul Johnston (Dec 13)