BugNet, an online listing of security alerts, is warning users of Microsoft 's Internet Explorer 5 about a security hole that can lead to their user name and password being exposed when they access an FTP password-protected site.
The flaw reveals the information after users log on to an FTP site, using a password to gain entry, and then double-click on a file to download it from the FTP site, according to BugNet. During the download, the user name and password appear at the bottom of the screen as "ftp://UserName:Password@test.com/filename.txt," where test.com is the FTP site and filename.txt is the file being downloaded.
BugNet proposes that larger files being downloaded could possibly expose the private information for long periods of time.
KeyLabs, an independent testing facility in Lindon, Utah, confirmed the flaw, according to BugNet.
Microsoft said it was not aware of the problem but that it would look into the report, according to a company representative.
"If this issue does in fact pose a security risk to our customers we will move quickly to provide them with a solution," the representative said.
BugNet is at www.bugnet.com. Microsoft Corp., in Redmond, Wash., is at www.microsoft.com.