Bugtraq mailing list archives
Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS
From: Ben Laurie <ben () algroup co uk>
Date: Mon, 30 Dec 2002 21:47:45 +0000
http-equiv () excite com wrote:
Sunday, December 29, 2002There is a small silly hitch with CITIBANK CANADA's secured sign in to online banking:https://citibankcanada.ebilling.com/index.jhtml Specifically AUTOCOMPLETE="off" in the forms. It is not set.While much explanation is made about SSL connections and fancy digital certificates, the simplest of web programming errors Thwarte ! all that:CITIBANK CANADA's login allows for the Microsoft Internet Explorer autocomplete feature to function. What that does is remember your name and password. So on a public or even private machine, all one needs to do is, double click the "name" form and the password will automicrosoftly autocomplete [fill in].
This is, of course, a fault in IE, not Citibank. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Current thread:
- CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS http-equiv () excite com (Dec 30)
- Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS Ben Laurie (Dec 31)