IE5 Cached Web Credentials Vulnerability Patch

Under the Cached Web Credentials vulnerability, if a user logs onto a secured Web page using Basic Authentication, and subsequently visits a nonsecure page on the same site, Internet Explorer automatically sends the cached credentials, normally a user ID and password, to the nonsecure page. If a malicious user gains control over the other user's network communications, it is possible for the malicious user to read the credentials and use them. This vulnerability does not provide a means by which the malicious user can force another user to log onto a secure page, and can only be used to reveal credentials that had been cached during the current Internet Explorer session.The patch requires IE 5.01 SP1 to install. Customers who install this patch on other versions may receive a message reading ""This update does not need to be installed on this system."" This message is incorrect. Internet Explorer 5.5 is not affected by this vulnerability. Clicking the Download Now button will take you to a page on the developer's site where you can download the program.
File Size346.77 kB
Operating System Windows 98 Windows 95 Windows 2000 Windows Windows NT