Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
On Mon, 18 Dec 1995 hickey@ctron.com wrote:
> > I believe you're right. Netscape is caching the protected document to
> > disk and then returning it on subsequent sessions without requiring
> > reauthentication by the user. This is still a major uh-oh, but not nearly
> > as bad as my first hypothesis that Netscape was storing passwords to disk.
> >
> > Lincoln
> >
>
> This is a bug that we found a little while ago. It was not present in version
> 1.X, but it was introduced with the 2.0 code.
>
> There are two versions of this bug that are really the same one.
>
> 1. If you have your "verify document" set to once per session, then
> you can cancel on an authorization attempt, go to an unprotected
> URL and use the back button to get the text. The images on the
> page are attempted to be retrieved and produce authorization
> attempts.
>
> 2. The second scenario is the one that Lincoln has
> witnessed. When the "verify document" is set to never, the
> browser can be tricked into getting the document out of the
> cache without authentication.
>
I have a question after reading about caching the protected file.
How does it work if you are using a proxy server? Does it store
protected files? I guess that would imply a much more severe hole,
but then I don't know how the proxy server works... can someone
enlighten me?
------------------------------------------
Magnus Lundgren NetGuide/TerraTel
iorlas@netg.se +46 (0)31 50 79 40
webmaster@netg.se
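
Added example, not part of the original thread: a sketch of the storage decision a browser (private) cache and a proxy (shared) cache make for a response to an authenticated request, following today's HTTP caching rules (RFC 9111, sections 3 and 3.5), which postdate this discussion. The function names and sample headers are constructed for illustration, and status-code and freshness checks are left out.

```python
# Added example: may a cache store the response to a request that carried
# an Authorization header? Simplified from RFC 9111 sections 3 and 3.5.
# All names and header values here are constructed for illustration.

def parse_cache_control(value):
    """Return the set of lowercase directive names in a Cache-Control value."""
    names = set()
    for part in (value or "").split(","):
        name = part.strip().split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def may_store(request_headers, response_headers, shared):
    """Decide whether a cache may store this response.

    shared=True models a proxy cache serving many users;
    shared=False models a single user's browser cache.
    """
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))

    if "no-store" in cc:
        return False              # origin forbids any cache from keeping it
    if shared and "private" in cc:
        return False              # intended for one user only
    if shared and "authorization" in req:
        # A shared cache keeps an authenticated response only when the
        # origin explicitly opts in with one of these directives.
        return bool(cc & {"public", "must-revalidate", "s-maxage"})
    return True


# Constructed sample: a request for a password-protected page.
AUTH_REQ = {"Authorization": "Basic <placeholder>"}

if __name__ == "__main__":
    for cc in (None, "no-store", "private", "public, max-age=60"):
        resp = {"Cache-Control": cc} if cc else {}
        print(repr(cc),
              "proxy:", may_store(AUTH_REQ, resp, shared=True),
              "browser:", may_store(AUTH_REQ, resp, shared=False))
```

With no Cache-Control header the proxy declines to store the protected page while the browser cache may keep it, so an origin that wants protected documents kept out of both sends `Cache-Control: no-store`.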