[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
From: "Bobby Brown" <bbrown@netsecadmin.com>
Date: Tue, 27 Jan 2004 19:57:11 -0600

Summary

Microsoft plans to release a software update that removes support for handling 
user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or 
HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no 
longer supported in Internet Explorer or Windows Explorer after you install 
this software update: 

http(s)://username:password@server/resource.ext

This article is intended to give you advance notice of this change in Internet 
Explorer's default behavior. If you include user information in HTTP or HTTPS 
URLs, Microsoft recommends that you explore the workarounds that are described 
in this article before you install this software update. Microsoft will post 
more information in this article when the software update becomes available. 


http://support.microsoft.com/default.aspx?scid=kb;[LN];834489

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
  - From: Daniel.Capo@tco.net.br

Prev by Date: Re: [Full-Disclosure] GOOROO CROSSING: File Spoofing Internet Explorer 6
Next by Date: Re: [Full-Disclosure] GOOROO CROSSING: File Spoofing Internet Explorer 6
Previous by thread: Re: [Full-Disclosure] Campus wide anti virus
Next by thread: Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
Index(es):
- Date
- Thread