mailing list archives
RE: unable to access web site embeds username & password
From: "Brown, James F." <James.F.Brown () FMR com>
Date: Tue, 22 Jun 2004 16:36:29 -0400
Keep in mind that passing passwords on the URL like this horribly
insecure. Your password will wind up sitting in web server logs, proxy
server logs and will in some cases get sent off to other sites via the
http referer mechanism.
- Jim Brown
From: Kevin R. Babcock [mailto:kevinb () ugcs caltech edu]
Sent: Monday, June 21, 2004 11:44 AM
To: webappsec () securityfocus com
Subject: Re: unable to access web site embeds username & password
I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.
http://username:password () webserver/website
Does anyone have a solution to this because I still don't know which
security patch that inhibits the access.
This change is part of the MS04-004 Cumulative Security Update. You can
disable this behavior in the registry.
- Re: unable to access web site embeds username & password, (continued)