Bugtraq mailing list archives
Re: MS IE Password inputs
From: "Mattie Casper" <mattie () mattie net>
Date: Wed, 21 Nov 2001 00:25:52 -0600
Very interesting find, and I can confirm the same thing happens in IE6. I can reproduce it by placing the cursor at the beginning of a password typed-in like "1234 56789 0ABCDE FGHIJK" and then use CTRL+RIGHTARROW to move through the asterisks just as if the spaces were there. (CTRL+RIGHTARROW in some applications like IE will move you to the next 'word' in a textbox.) This can come in handy when I typo part of a password and don't want to retype it all, but this does have some slight security implications. -Mattie! Mattie Casper http://me.mattie.net ----- Original Message ----- From: "Jon Embury" <jon.embury () f1solutions com au> To: <bugtraq () securityfocus com> Sent: Tuesday, November 20, 2001 3:28 PM Subject: MS IE Password inputs
Just something I've noticed on IE 4 & 5.5 If you enter a password that contains a mix of non-alphabetic and
alphabetic
characters to an MS IE password input and then use the keyboard to
select it
while holding down tab the cursor / selected region jumps between
the
non-alphabetic characters in exactly the same manner as it does when
you
apply the same technique in word, Interdev, vb etc. It doesn't reveal the password, but it would seem to reveal at least
some of
the structure. Eg 1 2 3 4 5 Jon Embury Developer, F1 Solutions www.f1solutions.com.au
Current thread:
- MS IE Password inputs Jon Embury (Nov 20)
- Re: MS IE Password inputs Mattie Casper (Nov 20)
- Re: MS IE Password inputs Cody Smith (Nov 21)
- Re: MS IE Password inputs Mattie Casper (Nov 20)