[11475] in bugtraq
IE and cached passwords
daemon@ATHENA.MIT.EDU (Justin King)
Sat Aug 21 21:00:58 1999
Message-Id: <81D7AF647CE8D211A53A00805F9FACFBC953@WATERTOWER>
Date: Thu, 19 Aug 1999 11:58:02 -0400
Reply-To: Justin King <JKing@GFPGROUP.COM>
From: Justin King <JKing@GFPGROUP.COM>
X-To: ntbugtraq <ntbugtraq@listserve.ntbugtraq.com>,
bugtraq <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

In Internet Explorer (v5/nt,v4/nt,v5/win98), when I go to a website (say,
www.company.com), and it requests authorization (via basic authentication),
and I enter it, I am able to browse the rest of the site without reentering
my password on each page. This is fine. However, if I go to another website
on the same machine, but a different port (say, www.company.com:81), my
authentication information is still sent.

This seems to me to be a security flaw with the browser. The potential for
abuse doesn't really seem very high, but I do think it's there.
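
The following is an added example, not part of the original post and not Internet Explorer's code. It models a Basic-authentication credential cache under two scoping policies: one that ignores the port (an assumed model of the behaviour reported above) and one keyed on the RFC 2617 protection space (scheme, host and port, plus realm). The class name, key functions, realm names and credentials are constructed for illustration.

```javascript
// Added illustration: models how a client scopes cached Basic credentials.
// It is not Internet Explorer's code; names and sample values are constructed.

// URL drops default ports from .port, so restore them before comparing.
function effectivePort(u) {
  return u.port || (u.protocol === "https:" ? "443" : "80");
}

// Assumed model of the reported behaviour: the port (and, in this model,
// the realm) is ignored, so only the host name decides reuse.
const hostOnlyKey = (u, realm) => u.hostname;

// RFC 2617 protection space: canonical root URL (scheme, host, port) + realm.
const protectionSpaceKey = (u, realm) =>
  `${u.protocol}//${u.hostname}:${effectivePort(u)}|${realm}`;

class CredentialCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map();
  }
  // Called once the user has answered a 401 challenge for url/realm.
  remember(url, realm, user, pass) {
    this.store.set(this.keyFn(new URL(url), realm), `${user}:${pass}`);
  }
  // Authorization header the client would send without prompting, or null.
  authorizationFor(url, realm) {
    const cred = this.store.get(this.keyFn(new URL(url), realm));
    return cred ? "Basic " + Buffer.from(cred).toString("base64") : null;
  }
}

// Log in once on port 80, then request several URLs under the given policy.
function demo(keyFn) {
  const cache = new CredentialCache(keyFn);
  cache.remember("http://www.company.com/private/", "Staff", "alice", "constructed-pw");
  return {
    samePort: cache.authorizationFor("http://www.company.com/private/b.html", "Staff"),
    explicit80: cache.authorizationFor("http://www.company.com:80/x", "Staff"),
    port81: cache.authorizationFor("http://www.company.com:81/", "Staff"),
    otherRealm: cache.authorizationFor("http://www.company.com/admin/", "Admin"),
  };
}

console.log("host-only:", demo(hostOnlyKey));
console.log("protection space:", demo(protectionSpaceKey));
```

With the host-only key the header is sent to port 81 as well; with the protection-space key the client has no cached entry for that service and would have to prompt again.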