Vulnerability Development mailing list archives
Re: IE 5.0 - Possible Cache Security Risk
From: Oliver Bleutgen <meinbugtraq () gmx net>
Date: Wed, 24 Oct 2001 13:31:04 +0200
Disregard if this has discussed previously or is just a misconfiguration..
Recently, when setting up an htaccess section on my website I noticed that there is a caching problem with IE 5.0x.
Problem: When previously restricted site are accessed with an authenticated login, users who open IE 5.0 and access the same sites, can "cancel" the login prompt and the cached page will open up. Yes, you have to keep doing this to view all the links, but we can obviously see the problem.
No, not so obviously, because what you describe is just another way of going straight to your on-disk-cache or viewing the files in the cache settings of internet explorer. After all, the people see only the saved version of a page which was unrestricted at the time of saving. So, it might be a problem of confusing the users, esp. if it's your client: "Hey, but you said that this page cannot be seen from outsiders anymore, but I just need to press cancel ....", but IMO it's surely no security problem. cheers, oliver
Current thread:
- IE 5.0 - Possible Cache Security Risk Jason Parker (Oct 23)
- <Possible follow-ups>
- Re: IE 5.0 - Possible Cache Security Risk Oliver Bleutgen (Oct 24)