RE: unable to access web site embeds username & password

["Michael Howard" <mikehow () microsoft com>]

I wrote about this in my blog in feb04

http://blogs.msdn.com/michael_howard/archive/2004/02/04/67622.aspx

essentially, the change was made to mitigate one type of phishing attack

you can enable this "functionality" with a reg key

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

[Writing Secure Code 2nd Edition]
http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[Annual Security Training]
http://mste/training/offerings.asp?offeringid=7142

-----Original Message-----
From: OPTUSBYS [mailto:bysoo1 () optusnet com au] 
Sent: Thursday, June 17, 2004 4:32 AM
To: webappsec () securityfocus com
Subject: unable to access web site embeds username & password

Dear all,

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password@webserver/website


Does anyone have a solution to this because I still don't know which
security patch that inhibits the access. 

On the other hand, I don't really want to leave my workstations
unprotected
too.


Thanks for your contribution.

Much appreciated.


Regards,
Seeker.