Here's a few things to try to disable password caching...

If the userid/password is entered in a form on a web page...

From Microsoft KB Article Q217148
Go into "Internet Properties" and go to the "Content" tab.
Click the "Auto Complete" button.
There's a check box for "User names and passwords on forms". Clear that
check and click the "Clear Passwords" button to clear any saved form
passwords.
Hit "OK", then "OK" again.

If the userid/password is entered in a dialog box that pops up...

From Microsoft KB Article Q229940
This one involves some registry editing. If it's not done properly, it can
leave the computer unusable and might require reinstall of windows.
Login under the general account.
Navigate the registry to
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Create a DWORD value called DisablePasswordCaching and set it's value to 1

The article doesn't say anything about IE5.5sp2, but I tried it on my system
with IE5.5sp2 and it worked.

-----Original Message-----
From: Ton Geurts [mailto:geurtsvanveen.nl]
Sent: Friday, January 04, 2002 5:06 AM
To: 'focus-mssecurityfocus.com'
Subject: Removing login data from MSIE

Hi you all,

We have a security hole here to which I haven't found a solution yet.
When browsing the Internet with MSIE (5.5sp2) you have the possibility to
let MSIE remember the login data for a site you visit. That can come in
handy for some users, but... We have a general user account (sort of guest
account) for visitors who need to look something at the net. This means that
more than one person uses this account. However not everybody is bright
enough NOT to let MSIE remember the login data.

Can anyone tell me where MSIE keeps the data, and how can we remove it?

Regards,

Ton Geurts
Vanveen informatica
tel +31 (0)79 343 09 09
fax +31 (0)79 343 09 00
ema geurtsvanveen.nl

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]