|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: jones, gerald (jones_gerald
emc.com)Date: Fri Dec 14 2001 - 15:10:57 CST
I just tried this using a Windows 2000 Professional as a client and a
Windows 2000 Server running IIS 5.0. TFor an FTP Network Place, the password
was displayed in the address bar after adding the first "../", whether the
password was saved or not. The ftp (IE) window changed to "This page cannot
be displayed", as expected (not allowed to go above ftp root).
Gerry Jones
-----Original Message-----
From: Aaron Heck [mailto:AHeckouc.bc.ca]
Sent: Friday, December 14, 2001 1:46 PM
To: bugtraqsecurityfocus.com
Subject: FTP "Network Place" with saved password will reveal cached
password
Summary:
When a "Network Place" has been added to "My Network Places" with a
saved username and password it is possible to get Explorer to display
the password in cleartext format by altering the path in the address
bar.
<snip>
Aaron Heck
Instructional Microcomputer Resource Coordinator
Okanagan University College
aheckouc.bc.ca
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]