[Dshield] web authentication incompatibility (was: An unfixed ... vulnerability ... in MSIE)

Johannes B. Ullrich jullrich at sans.org
Fri Apr 9 13:42:40 GMT 2004


> I got as far as not being able to log in

If I remember right, there are some incompatibilities in the
encrypted 'digest' authentication. So if your web application
uses this authentication type, you may be out of luck :-/

Overall, internal web apps are likely a problem for many
companies. While public web sites should be designed with
multiple browsers in mind, internal web sites frequently 
rely on a company standard browser to make development 
easier. Nothing wrong with that until you decide to change
the standard company browser and find that you may have to
rebuild the web app.

Changing the authentication method is usually not too bad. But
if you use ActiveX/JavaScript and such, you may be looking at
more or less a rebuild from scratch.



-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm