The bug occurs when one user accesses a Web site that does not employ standards-based HTTP cache controls, thereby enabling another user on the same machine to view the same password-protected site visited by the first user and cached on the PC--without entering the original user's log-in and password.
The password itself would not be viewed.
Some users believe the bug has the possibility of being an annoying problem.
"If the [local] cache is compromised in such a way as to allow secure data to be accessed without using proper credentials--or in this case, without any credentials at all--then you have a big problem," said Scott Schnoll, a Portland, Oregon-based Windows developer.
Manual Work-Arounds
Schnoll said work-arounds exist for the bug, such as manually emptying the local cache, or configuring IE5 to automatically purge the cache when it is closed.
"The best solution would be in the form of a patch from Microsoft," Schnoll said. "It would be nice if IE5 users were able to take advantage of the benefits of a local Web cache without having to worry about security breaches such as this."
Microsoft is investigating ways to address this issue in a future release, the company said.
For more IT analysis and commentary on emerging technologies, visit InfoWorld.com. Story copyright © 2011 InfoWorld Media Group. All rights reserved.
Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
- Password Manager
- Help Solve the Outlook 'General Failure' E-Mail Error
- LastPass, Online Password Manager, May Have Been Hacked
- Facebook One-Ups Twitter with Site 'Subscribe' Button
- Gmail Bug Deletes E-Mails for 150,000 Users
- Creating Secure Passwords You Can Remember
- Google Offers Opt-Out for Wi-Fi Location Database
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.












