Skip navigation
Menu
Security

Internet Explorer Exposes Users' Cached Web Credentials


 Reported October 12, 2000 by Microsoft

VERSIONS AFFECTED
  • Internet Explorer 4.x and 5.x excluding 5.5

DESCRIPTION

Microsoft has released a security bulletin and patches to address an issue with Internet Explorer versions 4.x and 5.x excluding 5.5 that allows a malicious user to obtain user-ids and passwords to websites.

DEMONSTRATION

A user can be tricked into sending authentication data to the wrong server and this data can easily be captured by network sniffing.  This is also effective if SSL is in use.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0076 and patch that is available at; http://www.microsoft.com/windows/ie/download/critical/q273868.htm

CREDIT
 Discovered by ACROS Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading