Bugtraq mailing list archives

Re: ALERT: Remote Retrieval Of Authentication Data From Internet Explorer


From: Justin King <JKing () GFPGROUP COM>
Date: Mon, 16 Oct 2000 13:30:20 -0400

At the core of this vulnerability is a "feature" I recall reporting to
bugtraq over a year ago.

See:
 http://www.securityfocus.com/archive/1/24766

At that time the bugtraq community seemed to deny that there really was a
vulnerability, though I believe someone from Microsoft mentioned they would
suggest the IE team look into it.

It's nice to see someone come up with a fairly convincing exploit.

-Justin

 -----Original Message-----
From:   Mitja Kolsek [mailto:mitja.kolsek () ACROS SI]
Sent:   Friday, October 13, 2000 11:40 AM
To:     BUGTRAQ () SECURITYFOCUS COM
Subject:        ALERT: Remote Retrieval Of Authentication Data From Internet Explorer

   =========================================================================
   ACROS Security Problem Report #2000-07-22-2-PUB
   -------------------------------------------------------------------------
   Remote Retrieval Of Authentication Data From Internet Explorer
   =========================================================================
   PUBLIC REPORT



   Affected System(s): Internet Explorer used in web-based systems with HTTP
                       Basic authentication
              Problem: Usernames and passwords can be retrieved remotely
                       from Internet Explorer
             Severity: High
             Solution: (see "Advisory" section)
              Written: July 22, 2000
          Last update: October 13, 2000
            Published: October 13, 2000


SUMMARY
=======

Our team has analyzed how popular web browsers could be tricked to reveal the
cached username:password pairs and discovered a way how this can be done by
a remote attacker even when SSL is used to protect this data while in
transfer over insecure channels like Internet.

As a result, we have identified a weakness in Microsoft's Internet Explorer.
However, it *should not* be assumed that only this product is affected but
rather all vendors of web browsers are urged to review their products for
the identified vulnerability.

Note: We have put quite an effort into notifying these other vendors.
Unfortunately, we got very little response so we are unable to provide the
status of their products in this report.

The purpose of this report is to describe a security problem in IE's handling
of cached BASIC authentication data and also to provide a workable scenario
for exploiting this, and similar, vulnerabilities.

