Home page logo

webappsec logo WebApp Sec mailing list archives

RE: unable to access web site embeds username & password
From: "Brown, James F." <James.F.Brown () FMR com>
Date: Tue, 22 Jun 2004 16:36:29 -0400

Keep in mind that passing passwords on the URL like this horribly
insecure. Your password will wind up sitting in web server logs, proxy
server logs and will in some cases get sent off to other sites via the
http referer mechanism.

- Jim Brown

-----Original Message-----
From: Kevin R. Babcock [mailto:kevinb () ugcs caltech edu] 
Sent: Monday, June 21, 2004 11:44 AM
To: webappsec () securityfocus com
Subject: Re: unable to access web site embeds username & password

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password () webserver/website

Does anyone have a solution to this because I still don't know which
security patch that inhibits the access.

This change is part of the MS04-004 Cumulative Security Update.  You can
disable this behavior in the registry.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]