Bugtraq mailing list archives
Internet explorer gives your NT password away!
From: paul () EIGEN CO UK (Paul Ashton)
Date: Sat, 15 Mar 1997 00:16:13 GMT
After a previous observation of NT challenge response insecurity and an email from Craig Rowland suggesting Microsoft exchange as a possible area of interest, please see http://www.efsl.com/security/ntie for a demonstration of one of the most insidious holes yet. Internet explorer on Microsoft NT will attempt to transparently authenticate, using a function of your NT password, to any web server on the internet that wishes to ask. If the web server so chooses, you will never even be aware that this has happenned. Paul Ashton paul.ashton () eigen co uk
Current thread:
- Exploit for buffer overflow in /bin/eject - Solaris 2.X - Cristian SCHIPOR (Mar 13)
- Re: Exploit for buffer overflow in /bin/eject - Solaris 2.X - Jonathan Sturges (Mar 13)
- Re: Exploit for buffer overflow in /bin/eject - Solaris 2.X - The Nocturnal Prince (Mar 13)
- Shockwave Security Alert Aleph One (Mar 13)
- Frotpage Extensions and Unix Roland Spatzenegger (Mar 10)
- Re: Frotpage Extensions and Unix M. (Mar 15)
- Re: Shockwave Security Alert Joseph Fish (Mar 14)
- Internet Explorer Bug #4 Aaron Spangler (Mar 14)
- Internet explorer gives your NT password away! Paul Ashton (Mar 14)
- gzip security problem Aleph One (Mar 13)
- Re: Exploit for buffer overflow in /bin/eject - Solaris 2.X - Jonathan Sturges (Mar 13)
- Re: Exploit for buffer overflow in /bin/eject - Solaris 2.X - Casper Dik (Mar 14)
- <Possible follow-ups>
- Re: Exploit for buffer overflow in /bin/eject - Solaris 2.X - Casper Dik (Mar 14)