IE5 hole reportedly exposes user name, passwords

BugNet is warning of Microsoft 's Internet Explorer 5 about a security hole that can lead to user names and passwords being exposed during downloads from password-protected FTP sites. Bugnet says the information is displayed at the bottom of screens during the FTP download.

BugNet, an online listing of security alerts, is warning users of Microsoft 's Internet Explorer 5 about a security hole that can lead to their user name and password being exposed when they access an FTP password-protected site.

The flaw reveals the information after users log on to an FTP site, using a password to gain entry, and then double-click on a file to download it from the FTP site, according to BugNet. During the download, the user name and password appear at the bottom of the screen as "ftp://UserName:Password@test.com/filename.txt," where test.com is the FTP site and filename.txt is the file being downloaded.

BugNet proposes that larger files being downloaded could possibly expose the private information for long periods of time.

KeyLabs, an independent testing facility in Lindon, Utah, confirmed the flaw, according to BugNet.

Microsoft said it was not aware of the problem but that it would look into the report, according to a company representative.

"If this issue does in fact pose a security risk to our customers we will move quickly to provide them with a solution," the representative said.

BugNet is at www.bugnet.com. Microsoft Corp., in Redmond, Wash., is at www.microsoft.com.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]