Cached Web Credentials Vulnerability
A security vulnerability exists in Microsoft® Internet Explorer which could enable a malicious user to obtain another user’s userid and password to a web site by exploiting cached credentials.
Issue
When a user authenticates to a secured web page via Basic Authentication, IE caches the userid and password that were used, in order to minimize the number of times the user must authenticate to the same site. By design, IE should only send the cached credentials to secured pages on the site. However, it will actually send them to non-secure pages on the site as well. If a malicious user had complete control of another user’s network communications, he could wait until that user logged onto a secured site, then spoof a request for a non-secured page in order to collect the credentials.
The vulnerability does not provide a means by which the malicious user could force the other user to log onto a secure page of his choice, and could only be used to reveal credentials that had been cached during the current IE session.
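The scoping flaw described above, modelled as an added example (not Microsoft's code and not part of the original advisory). It assumes "secured" means HTTPS and "non-secure" means plain HTTP; the class, host name and credentials are constructed for illustration, and realm and path scoping are left out.

```javascript
// Toy model of a browser's Basic Authentication credential cache.
// All names and values here are constructed for illustration.
class CredentialCache {
  // scopeByScheme=false models the flaw: entries are keyed by host name only.
  // scopeByScheme=true models the intended design: scheme, host and port.
  constructor(scopeByScheme) {
    this.scopeByScheme = scopeByScheme;
    this.entries = new Map();
  }

  key(url) {
    const u = new URL(url);
    return this.scopeByScheme ? u.origin : u.hostname;
  }

  // Called once the user has answered an authentication prompt.
  remember(url, userid, password) {
    const token = Buffer.from(`${userid}:${password}`, "utf8").toString("base64");
    this.entries.set(this.key(url), `Basic ${token}`);
  }

  // Headers the client would attach to an outgoing request for this URL.
  headersFor(url) {
    const cached = this.entries.get(this.key(url));
    return cached ? { Authorization: cached } : {};
  }
}

// What anyone reading a cleartext request recovers: Basic is an encoding, not encryption.
function decodeBasic(headerValue) {
  const [scheme, token] = headerValue.split(" ");
  if (scheme !== "Basic" || !token) return null;
  const text = Buffer.from(token, "base64").toString("utf8");
  const i = text.indexOf(":"); // split on the first ':'; the password may contain more
  return i < 0 ? null : { userid: text.slice(0, i), password: text.slice(i + 1) };
}

// Log on to a secured page, then request one secured and one non-secure page on the same site.
function demo(scopeByScheme) {
  const cache = new CredentialCache(scopeByScheme);
  cache.remember("https://example.test/account/", "alice", "s3cr:et");
  return {
    secure: cache.headersFor("https://example.test/account/statement"),
    cleartext: cache.headersFor("http://example.test/logo.gif"),
  };
}
```

With `demo(false)` the cleartext request carries the same `Authorization` header as the secured one; with `demo(true)` it carries none.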
Affected Products
- Microsoft Internet Explorer 4.x & 5.x
Download
Patch: http://www.microsoft.com/windows/ie/download/critical/q273868.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: October 12, 2000