Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: unable to access web site embeds username & password
From: Ivo Mencke <imencke () servecentric com>
Date: 21 Jun 2004 16:03:28 +0100

A security update is available that modifies the default behavior of
Internet Explorer for handling user information in HTTP and in HTTPS
URLs

http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;834489

SUMMARY
A security update is available that removes support for handling user
names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or
HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is
no longer supported in Internet Explorer or in Windows Explorer after
you install the MS04-004 Cumulative Security Update for Internet
Explorer (832894): 

http(s)://username:password () server/resource.ext

i would say, use another browser ....

On Thu, 2004-06-17 at 12:31, OPTUSBYS wrote:
Dear all,

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password () webserver/website


Does anyone have a solution to this because I still don't know which
security patch that inhibits the access. 

On the other hand, I don't really want to leave my workstations unprotected
too.


Thanks for your contribution.

Much appreciated.


Regards,
Seeker.







  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]