BugTraq
Getting round website authentication with Firefox Jul 24 2005 11:52PM
account throw gmail com (3 replies)
Re: Getting round website authentication with Firefox Jul 28 2005 08:24AM
James Tait (james tait wyrddreams org)
Re: Getting round website authentication with Firefox Jul 27 2005 11:58PM
Nate Smith (nate thebackrow net)
On Sun, Jul 24, 2005 at 11:52:11PM -0000, account.throw (at) gmail (dot) com [email concealed] wrote:
> Using firefox's "save target as" feature, you can get round web authentication.
>
> Make a password protected directory (with a video file inside) (using .htaccess and htpasswd), check that it actully requires a login when you click the link to the video normally, then create a hyperlink to the file, right click save as - oh snap, it doesn't ask for authentication.
>
> I've only tested it with a video file and Firefox 1.0.6.

If this got around authenticating, it would be the fault of the server,
not the browser. The browser is only sending a 'request' for a
document. If firefox fails to ask for credentials in any authentication
scheme, it is the fault of firefox, and should be reported to their bug
tracking system. Check their support forums first to see if it's known:

http://forums.mozillazine.org/

I tried it with firefox 1.0.6 and it didn't ask for credentials, but it
didn't give me the FILE, either :) If it has cached your authentication
response from a previous request, then yes, it will let you have the
file. But that won't work for someone who genuinely doesn't know the
username/password.

-Nate

[ reply ]
Re: Getting round website authentication with Firefox Jul 27 2005 11:55PM
Christopher Kunz (christopher kunz hardened-php net)


 

Privacy Statement
Copyright 2010, SecurityFocus