CVE-2000-0649

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined...

Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure

source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...

CVE-1999-0853

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure...

asp-server-var.passwds.txt

Date: Wed, 12 Aug 1998 19:26:27 +0800 From: VINCENT LOK Subject: obtain domain users password via asp server variable Dear all, Just noticed that with basic authentication on IIS, one can obtain password of users accessing the ASP page via the server variable AUTHPASSWORD. The line in an asp file...

CVE-1999-1372

Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges...