RE: unable to access web site embeds username & password

["Chris Thomas" <Chris.Thomas () bigpictureinteractive co uk>]

You can change this in the registry:

To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe 
DWORD values in one of the following registry keys and set their value data to 0

For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

From: "http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;834489";

Chris.

-----Original Message-----
From: OPTUSBYS [mailto:bysoo1 () optusnet com au]
Sent: 17 June 2004 12:32
To: webappsec () securityfocus com
Subject: unable to access web site embeds username & password


Dear all,

I have discovered if I access my intranet that embeds the username and
password, it will not work on workstations have the latest Microsoft
security patches installed.

http://username:password@webserver/website


Does anyone have a solution to this because I still don't know which
security patch that inhibits the access. 

On the other hand, I don't really want to leave my workstations unprotected
too.


Thanks for your contribution.

Much appreciated.


Regards,
Seeker.