[23203] in bugtraq
MS IE Password inputs
daemon@ATHENA.MIT.EDU (Jon Embury)
Tue Nov 20 20:39:10 2001
Message-ID: <5EB1BECC1DE1D4119117003048214DE2089C00@SOL>
From: Jon Embury <jon.embury@f1solutions.com.au>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Wed, 21 Nov 2001 08:28:14 +1100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Just something I've noticed on IE 4 & 5.5
If you enter a password that contains a mix of non-alphabetic and alphabetic
characters to an MS IE password input and then use the keyboard to select it
while holding down tab the cursor / selected region jumps between the
non-alphabetic characters in exactly the same manner as it does when you
apply the same technique in word, Interdev, vb etc.
It doesn't reveal the password, but it would seem to reveal at least some of
the structure.
Eg
1 2 3 4 5
Jon Embury
Developer, F1 Solutions
www.f1solutions.com.au
