msie.5.previous.inputs.txt

1999-08-17T00:00:00
ID PACKETSTORM:12143
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Wed, 24 Mar 1999 16:04:00 -0500  
From: Anthony Pijerov <ajp@global2000.net>  
To: BUGTRAQ@netspace.org  
Subject: IE5 Feature/security hole  
  
In Internet Explorer 5, there is a feature, that remembers what you type  
into web page forms, so that if you ever come to enter that field again,  
it will drop down a box of your previous inputs.  
(Note, the first time you come to a form, it will ask you wether or not  
you want to enable this function, and you can say no)  
  
Good feature? Perhaps, it could be time saving, when say, having to type  
in your name on a form everytime.  
  
Security Hole? Yes. Credit Card Numbers, social security numbers,  
usernames, addresses. It will drop down a box with previous entered data.  
So if you say have a web site were you order stuff online, or entered some  
sort of data to verify yourself, the next person to use your computer can  
go to that same site, and have a nice list of what you typed. At a home  
computer the risk is limited to who you let use your computer, but at  
things like schools, or other areas where many people share the same  
computer, this could become a security/privacy problem. I verified it  
does work with Credit Card numbers on secure sites. I tested on CDNow and  
amazon.com (pretty popular sites to enter CC info).  
  
  
I think this feature is one that everyone needs to know to make sure is  
OFF.  
  
---------------------------------------------------------------------------  
Anthony Pijerov Customer Support: 452-1465  
ajp@global2000.net or 1-888-223-INET  
Customer Support Rep. http://www.global2000.net  
----------------------------------------------------------------------------  
`