Microsoft Internet Explorer Cached Web Credentials Disclosure Vulnerability

Plaintext communication between a client using Microsoft Internet Explorer and a 128-bit SSL secured server could be monitored under certain circumstances, thereby allowing for the possibility of userids, passwords, and other sensitive information to be disclosed to a third party.

When performing authentication to a secured website, Internet Explorer will pass along credentials such as userids and passwords and store them in a cache for later retrieval if requested by the website. In the case that Basic HTTP Authentication is used to connect to the secure website, Internet Explorer will send credentials to non-secure parts of the website when in theory it should only be sending them to secure pages. Transmittal of credentials over insecure channels makes it feasible for a malicous third party to obtain plaintext userids and passwords. This is under the condition that the thirdy party can listen to network traffic between the client and server. In addition, any credentials could only be retrieved by a third party during the duration of the user's current browsing session.

This vulnerability does not affect Internet Explorer 5.5, only prior versions.


 

Privacy Statement
Copyright 2010, SecurityFocus