Screaming Penguin

Well, IE4 was riddled with holes, er uh I mean "features", so why not IE5 (and 5.01.) The latest Microsoft Security (yes, oxymoron) problem is that a bug has been discovered which allows anyone to access a "secure" site with the same user information that was used previously on that same browser. Yes, someone would have to log on locally, but this is a security risk. Especially in shops where multiple users use many machines and or public machines. Apparently IE5 caches the information somehow. A user on devshed posted the problem. This may or may not be related to the auto password (very annoying) feature in IE5, the user does not specify if it is enabled or disabled. At any rate if a site has been previously accessed all you need to do to gain future access is hit the site, then hit cancel for the password submission (which denies your access) and then hit back! Hitting "back" does the trick, the password dialog does not reappear, you are just in. Now I realize that this will seem trivial to some users, especially home only users. But to anyone who hits the bank, web enabled administration sites or any secure site from a public or semi-public machine (like work) then beware. And if its your laptop, then make sure it doesnt get stolen because thief x can transfer all of your money, etc, etc, etc. Think about it, big problem. IE users, BEWARE. Check the DevShed link for further details.   Devshed: IE5 HTTP Auth Bug