Microsoft Web Extender Client May Expose NTLM Credentials

Reported January 11, 2001, by Microsoft

VERSIONS AFFECTED

  • Microsoft Office 2000

  • Microsoft Windows Me

  • Microsoft Windows 2000

DESCRIPTION

The Web Extender Client (WEC) might send clients' NT LAN Manager (NTLM) credentials to a remote server if requested to do so, regardless of the Microsoft Internet Explorer (IE) security settings.

VENDOR RESPONSE

Microsoft has released bulletin MS00-0101, patches, FAQ# FQ00-0101, and will make article Q282132 available online soon

CREDIT
Discovered by David Litchfield, @stake, Inc.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish