[11380] in bugtraq
IE5 ACL protected pages viewable from cache by unauthorized user
daemon@ATHENA.MIT.EDU (J.Kent Robinson)
Mon Aug 16 20:38:29 1999
Message-Id: <19990815123157.9447.qmail@securityfocus.com>
Date: Sun, 15 Aug 1999 12:31:57 -0000
Reply-To: "J.Kent Robinson" <krobinson@TEAMLEX.COM>
From: "J.Kent Robinson" <krobinson@TEAMLEX.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Running IIS4 on NT4 (SP5) server. Several web pages have
permissions assigned with NT ACL (both NT Challege/Response
and Basic Authentication). Discovered that protected pages
can be viewed by unauthorized user (presumably from cache)
if authorized user previously accessed pages from same
computer client. This happens even after the browser has
been completely closed and then reopened. An unauthorized
user accesses the page by hitting the page link. This
brings up the pop-up logon window. Hit cancel. User gets
a 401 screen. Hit the back button. Hit the forward
button. Viola . . . the user without credentials has
access to the protected content. I've tested this behavior
on NT4 WS, Win98 and Win2000 clients with the same
results. Posts at the MS newsgroups yielded little
response.
