WebApp Sec: Re: unable to access web site embeds username & password

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: unable to access web site embeds username & password

From: "Bill Curnow" <bill.curnow () pcca com>
Date: Mon, 21 Jun 2004 10:13:20 -0500

On 17 Jun 2004 at 21:31, OPTUSBYS wrote:

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password () webserver/website


Yup, February's "Cumulative Security Update for Internet Explorer 6 
(KB832894)", aka MS04-004, closed this hole (it was popular with 
phishers).

Does anyone have a solution to this because I still don't know which
security patch that inhibits the access.


It was never RFC-compliant so don't look for it to come back.

By Date By Thread

Current thread:

unable to access web site embeds username & password OPTUSBYS (Jun 21)
- Re: unable to access web site embeds username & password Bill Curnow (Jun 21)
- Re: unable to access web site embeds username & password Thomas Chiverton (Jun 21)
- Re: unable to access web site embeds username & password Ivo Mencke (Jun 21)
- Re: unable to access web site embeds username & password Keith W. McCammon (Jun 21)
- <Possible follow-ups>
- RE: unable to access web site embeds username & password Michael Howard (Jun 21)
- RE: unable to access web site embeds username & password Chris Thomas (Jun 21)