Re: IE 5.0 - Possible Cache Security Risk

[Oliver Bleutgen <meinbugtraq () gmx net>]

> Disregard if this has discussed previously or is just a
> misconfiguration..

> Recently, when setting up an htaccess section on my website I noticed
> that there is a caching problem with IE 5.0x.

> Problem:
>    When previously restricted site are accessed with an authenticated
> login, users who open IE 5.0 and access the same sites, can "cancel"
> the login prompt and the cached page will open up. Yes, you have to
> keep doing this to view all the links, but we can obviously see the
> problem.

No, not so obviously, because what you describe is just another
way of going straight to your on-disk-cache or viewing the files
in the cache settings of internet explorer.
After all, the people see only the saved version of a page which
was unrestricted at the time of saving.
So, it might be a problem of confusing the users, esp. if it's your
client: "Hey, but you said that this page cannot be seen from outsiders
anymore, but I just need to press cancel ....", but IMO it's surely
no security problem.

cheers,
oliver