gwilks98

Conditions that need to be met:
[list=1][*]Status bar is turned on.[*]You log on to an FTP site using IE.[*]You double click on a file inside the FTP site (like a word doc.) in an attempt to open it.[*]Internet Options for IE is set to prompt you to decide if you want to open or save the file you just clicked on.[/list=1]

Once you get the prompt, check out your status bar and it'll have the cached username and password cached into a web address.

Ftp://username:password@ftp.site.com/folder/file1.doc is how it'll look.

If your FTP site users are using the same log in credentials as your domain, I could see how this could compromise your network. Good ol' Microsoft<sigh>


<waits for post from ribitch>

__________________
"I know the pieces fit, cause I watched them fall away."

"Cold silence has
A tendancy to
Atrophy any
Sense of compassion."

MJK

bachviet

IE??? What is that? J/K

__________________
Dell Dimension 9200 | Intel Core 2 Quad Q6600 (2.4GHz) | 4x1GB DDR2 | 256MB nVidia GeForce 8800GT

Dell Studio 17 | Intel Core i7-720QM (1.6GHz) | 2x2GB DDR3 1066MHz | 1GHz ATI Mobility Radeon HD 4650

Intel P4-C 3.0GHz | ECS 865PE-A | 3x512MB PC3200 | 128MB PNY GeForce 6600GT

Joshua

Actually, I don't believe thats a bug. FTP always passes your logon credentials in clear text. FTP itself it insecure. If you're that concerned about it, I'd recommend SFTP or another secure version. When you want to get to any password protected ftp site, that is the syntax you'd use.

Alternatively, you can use an ftp client like Cute FTP so that it would be separate from IE.

__________________
The Apexer formerly known as SnotRocket.

"Like I ****ing said, "Ok, so I hear it may be a repost. Blah But I had never seen it, so..." **** you Canta." -Jenny 12/4/2003