WebApp Sec mailing list archives
RE: unable to access web site embeds username & password
From: "Brown, James F." <James.F.Brown () FMR com>
Date: Tue, 22 Jun 2004 16:36:29 -0400
Keep in mind that passing passwords on the URL like this horribly insecure. Your password will wind up sitting in web server logs, proxy server logs and will in some cases get sent off to other sites via the http referer mechanism. - Jim Brown -----Original Message----- From: Kevin R. Babcock [mailto:kevinb () ugcs caltech edu] Sent: Monday, June 21, 2004 11:44 AM To: webappsec () securityfocus com Subject: Re: unable to access web site embeds username & password
I have discovered if I access my intranet that embeds the username and password, it will not work on workstations have the latest Microsoft security patches installed. http://username:password@webserver/website Does anyone have a solution to this because I still don't know which security patch that inhibits the access.
This change is part of the MS04-004 Cumulative Security Update. You can disable this behavior in the registry. http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 -Kevin
Current thread:
- Re: unable to access web site embeds username & password, (continued)
- Re: unable to access web site embeds username & password Thomas Chiverton (Jun 21)
- Re: unable to access web site embeds username & password Ivo Mencke (Jun 21)
- Re: unable to access web site embeds username & password Keith W. McCammon (Jun 21)
- RE: unable to access web site embeds username & password Michael Howard (Jun 21)
- RE: unable to access web site embeds username & password Chris Thomas (Jun 21)
- RE: unable to access web site embeds username & password Noah Gray (Jun 21)
- RE: unable to access web site embeds username & password sk3tch (Jun 21)
- Re: unable to access web site embeds username & password Kevin R. Babcock (Jun 22)
- RE: unable to access web site embeds username & password Michael Silk (Jun 24)
- RE: unable to access web site embeds username & password Noah Gray (Jun 24)
- RE: unable to access web site embeds username & password Brown, James F. (Jun 24)
- RE: unable to access web site embeds username & password Kevin R. Babcock (Jun 23)
- Re: unable to access web site embeds username & password Andy bentley (Jun 24)
- Re: unable to access web site embeds username & password Robert Hajime Lanning (Jun 25)
- Open Source Security Exhibition help Pete Herzog (Jun 26)
- RE: unable to access web site embeds username & password Konstantin Ryabitsev (Jun 24)
- RE: unable to access web site embeds username & password Liam Quinn (Jun 26)
- RE: unable to access web site embeds username & password Kevin R. Babcock (Jun 23)