WebApp Sec mailing list archives
RE: unable to access web site embeds username & password
From: "Michael Howard" <mikehow () microsoft com>
Date: Mon, 21 Jun 2004 12:22:47 -0700
I wrote about this in my blog in feb04 http://blogs.msdn.com/michael_howard/archive/2004/02/04/67622.aspx essentially, the change was made to mitigate one type of phishing attack you can enable this "functionality" with a reg key http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 [Writing Secure Code 2nd Edition] http://www.microsoft.com/mspress/books/5957.asp [Protect Your PC] http://www.microsoft.com/protect [Blog] http://blogs.msdn.com/michael_howard [Annual Security Training] http://mste/training/offerings.asp?offeringid=7142 -----Original Message----- From: OPTUSBYS [mailto:bysoo1 () optusnet com au] Sent: Thursday, June 17, 2004 4:32 AM To: webappsec () securityfocus com Subject: unable to access web site embeds username & password Dear all, I have discovered if I access my intranet that embeds the username and password, it will not work on workstations have the latest Microsoft security patches installed. http://username:password@webserver/website Does anyone have a solution to this because I still don't know which security patch that inhibits the access. On the other hand, I don't really want to leave my workstations unprotected too. Thanks for your contribution. Much appreciated. Regards, Seeker.
Current thread:
- unable to access web site embeds username & password OPTUSBYS (Jun 21)
- Re: unable to access web site embeds username & password Bill Curnow (Jun 21)
- Re: unable to access web site embeds username & password Thomas Chiverton (Jun 21)
- Re: unable to access web site embeds username & password Ivo Mencke (Jun 21)
- Re: unable to access web site embeds username & password Keith W. McCammon (Jun 21)
- <Possible follow-ups>
- RE: unable to access web site embeds username & password Michael Howard (Jun 21)
- RE: unable to access web site embeds username & password Chris Thomas (Jun 21)
- RE: unable to access web site embeds username & password Noah Gray (Jun 21)
- RE: unable to access web site embeds username & password sk3tch (Jun 21)
- Re: unable to access web site embeds username & password Kevin R. Babcock (Jun 22)
- RE: unable to access web site embeds username & password Michael Silk (Jun 24)
- RE: unable to access web site embeds username & password Noah Gray (Jun 24)
- RE: unable to access web site embeds username & password Brown, James F. (Jun 24)
- RE: unable to access web site embeds username & password Kevin R. Babcock (Jun 23)
- Re: unable to access web site embeds username & password Andy bentley (Jun 24)
- Re: unable to access web site embeds username & password Robert Hajime Lanning (Jun 25)
- RE: unable to access web site embeds username & password Kevin R. Babcock (Jun 23)
(Thread continues...)