Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: unable to access web site embeds username & password
From: "Michael Howard" <mikehow () microsoft com>
Date: Mon, 21 Jun 2004 12:22:47 -0700

I wrote about this in my blog in feb04

http://blogs.msdn.com/michael_howard/archive/2004/02/04/67622.aspx

essentially, the change was made to mitigate one type of phishing attack

you can enable this "functionality" with a reg key

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

[Writing Secure Code 2nd Edition]
http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[Annual Security Training]
http://mste/training/offerings.asp?offeringid=7142

-----Original Message-----
From: OPTUSBYS [mailto:bysoo1 () optusnet com au] 
Sent: Thursday, June 17, 2004 4:32 AM
To: webappsec () securityfocus com
Subject: unable to access web site embeds username & password

Dear all,

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password () webserver/website


Does anyone have a solution to this because I still don't know which
security patch that inhibits the access. 

On the other hand, I don't really want to leave my workstations
unprotected
too.


Thanks for your contribution.

Much appreciated.


Regards,
Seeker.






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault