Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: unable to access web site embeds username & password
From: "Bill Curnow" <bill.curnow () pcca com>
Date: Mon, 21 Jun 2004 10:13:20 -0500

On 17 Jun 2004 at 21:31, OPTUSBYS wrote:

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password () webserver/website

Yup, February's "Cumulative Security Update for Internet Explorer 6 
(KB832894)", aka MS04-004, closed this hole (it was popular with 
phishers).
 
Does anyone have a solution to this because I still don't know which
security patch that inhibits the access. 

It was never RFC-compliant so don't look for it to come back.  


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault