TITLE:
Microsoft Internet Explorer 7 HTTP Basic Authentication IDN
Spoofing
SECUNIA ADVISORY ID:
SA25663
VERIFY ADVISORY:
http://secunia.c
om/advisories/25663/
CRITICAL:
Not critical
IMPACT:
Spoofing
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/
product/12366/
DESCRIPTION:
A weakness has been discovered in Internet Explorer 7, which
can be
exploited by malicious people to conduct spoofing attacks.
The problem is caused due to an unintended result of the
IDN
(International Domain Name) implementation in the HTTP
Basic
Authentication dialog. This can be exploited to spoof a
server
in the
authentication dialog using international characters in
domain
names
when a user visits a malicious web page.
The weakness is confirmed in Internet Explorer 7 on a fully
patched
Windows XP. Other versions may also be affected.
SOLUTION:
Do not provide user credential to suspicious authentication
dialogs.
ORIGINAL ADVISORY:
http://www.bitsploit.de/archiv
es/428-Cross-Domain-Basic-Auth-Phishing-Tactics.html
OTHER REFERENCES:
http://ha.ckers.org/blog/20070608/cro
ss-domain-basic-auth-phishing-tactics/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
