Re: Basic Authorization Security Issue?

From: Hector Santos (nospam_at_nospam.com)
Date: 10/30/03 

Date: Thu, 30 Oct 2003 13:12:36 -0500

"Jason Wade" <savon1414+hfrarg.gb@earthlink.net> wrote in message
> On Wed, 29 Oct 2003 04:36:59 -0600, Hector Santos wrote:
>
> > We have verified that closing the
> > browser and simply restarting to browser and going back to the web site
> > allows him to automatically relogin into a basic authentication
intranet.
> >
>
> Just curious,
>
> Do you get the same behavior when you use netscape?

Yes, according to a followup customer report:

                                    ---------- start of forwarded
message ---------
From: "XXXXXXXXXXXXXXXXXXXXXXXX>
To: <XXXXXXXXXXXXXXXXXXX>
Sent: Monday, October 27, 2003 10:55 PM
Subject: RE: Question for ya -

This is a problem with both IE and Netscape Communicator then.

Last week I logged onto the Santronics Support BBS using the Web Browser
IE6.
Since then I have closed the browser, closed Outlook, closed Netscape, but
not rebooted. There is no Active Desktop running on XP.

Today when I went to log on to the support BBS, I did not get a login box -
I was just automatically taken to the Message area.

Let's figure out where the information is being stored, and find a way to
eliminate it, if possible.

XXXXXXXXXXXXXX
                                    ---------- end of forwarded
message ---------

When the customer followed up with this report, I just threw up my hands.
It is even more incredible if Netscape also has the problem. What is
common between IE and Netscape in regards to Basic Authentication?
WININET.DLL? INETINFO.EXE?

As I said, it is an incredible claim. However, the silence from Microsoft
and the MVP is pretty much indicating it is a known problem. The "silence
is golden" policy to help protect customers is prevailing here. 

-- 
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com

Relevant Pages

  • Re: Ben Goodger knows that, Linus knows that... how about you ?
    ... > a Browser could unseat WinXP's dominance on the desktop. ... to create a 'virtual operating system' no longer a browser, ... Microsoft File page 237 ... "A new competitor 'born' on the Internet is Netscape. ...
    (sci.physics)
  • Re: Windows Defender (formerly windows antispyware) is out!
    ... Sure you will be able to buy Windows Vista and get WD, but WD will still be available as a stand alone product for free. ... You know, as soon as they run Netscape and other browsers out of business, they'll start charging for it. ... If you've been around as long as I have, you'll know that Netscape started as a free browser competing against my favorite mosaic browsers. ... With the launch of Windows 1995 and a web browser of its own (Internet Explorer) in August 1995, ...
    (microsoft.public.windowsxp.general)
  • Re: Netscape 4.7x, unstable and XFree4.3
    ... > a bank whose branches featured drive-up tellers that only served SUVs. ... Any web site that requires such an outdated web browser as Netscape 4.x ... but it can't be THAT hard to keep a web site updated. ...
    (Debian-User)
  • Re: Windows Defender (formerly windows antispyware) is out!
    ... Sure you will be able to buy Windows Vista and get WD, ... as soon as they run Netscape and other browsers out ... Netscape started as a free browser competing against my favorite mosaic ... (Internet Explorer) ...
    (microsoft.public.windowsxp.general)
  • Re: SP2 ... just a thought to ponder ........
    ... It certainly was the case when Netscape was charging for their browser which is prolly the main reason IE overtook Netscape as the browser of choice. ... MS has always known about weak safety spots in their system (just today MS made public that ... you bought a car with electrical windows ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress.stationery)