[4173] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Internet explorer gives your NT password away!

daemon@ATHENA.MIT.EDU (Paul Ashton)
Sat Mar 15 03:14:22 1997

Date: 	Sat, 15 Mar 1997 00:16:13 GMT
Reply-To: Paul Ashton <paul@EIGEN.CO.UK>
From: Paul Ashton <paul@EIGEN.CO.UK>
To: BUGTRAQ@NETSPACE.ORG

After a previous observation of NT challenge response insecurity and an
email from Craig Rowland suggesting Microsoft exchange as a possible
area of interest, please see http://www.efsl.com/security/ntie for a
demonstration of one of the most insidious holes yet. Internet explorer on
Microsoft NT will attempt to transparently authenticate, using a function
of your NT password, to any web server on the internet that wishes to ask.

If the web server so chooses, you will never even be aware that this
has happenned.

Paul Ashton
paul.ashton@eigen.co.uk


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4173] in bugtraq

Internet explorer gives your NT password away!

daemon@ATHENA.MIT.EDU (Paul Ashton)Sat Mar 15 03:14:22 1997

daemon@ATHENA.MIT.EDU (Paul Ashton)
Sat Mar 15 03:14:22 1997