发布时间 :1999-08-25 00:00:00
修订时间 :2008-09-05 16:19:02

[原文]Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.

[CNNVD]Internet Explorer FTP服务器信息泄露漏洞(CNNVD-199908-053)

        Internet Explorer 5.0版本记录URL历史记录中FTP服务器上的用户名和密码,(1)本地用户利用从其他用户的index.dat读取信息,或者(2)当用户鼠标移动至链接上时,被物理窥探("shoulder surfing")的人利用从状态栏上读取信息。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  nt-ie5-user-ftp-password(3289)

- 漏洞信息

Internet Explorer FTP服务器信息泄露漏洞
中危 未知
1999-08-25 00:00:00 2005-10-20 00:00:00
        Internet Explorer 5.0版本记录URL历史记录中FTP服务器上的用户名和密码,(1)本地用户利用从其他用户的index.dat读取信息,或者(2)当用户鼠标移动至链接上时,被物理窥探("shoulder surfing")的人利用从状态栏上读取信息。

- 公告与补丁


- 漏洞信息 (19473)

Microsoft Internet Explorer 5.0 FTP Password Storage Vulnerability (EDBID:19473)
windows local
1999-08-25 Verified
0 Makoto Shiotsuki
N/A [点击下载]
Microsoft Internet Explorer 5.0 for Windows 2000/Windows NT 4 FTP Password Storage Vulnerability


FTP usernames and passwords for sites accessed via Internet Explorer 5.X are stored (cleartext) in history files stored under \Winnt\Profiles\[Username]\History\History.IE5\index.dat and \Winnt\Profiles\[Username]\History\History.IE5\MSHist<date>..\index.dat. By default, the \Winnt\Profiles\[Username]\History directories are secured with ACLs to allow Full Control for System, the Administrators group, and the given Username. The index.dat files, however, are created with Everyone:Full Control permissions.

Because the "Bypass Traverse Checking" right is assigned by default to the Everyone group, any user with access to the host can read any other user's index.dat files. 

To bypass traverse checking and access another user's index.dat files, reference the absolute filename. For example, to search for all index.dat files belonging to the "administrator" account, issue the following command from a command prompt:

find "//"<\winnt\profiles\administrator\history\history.ie5\index.dat 		

- 漏洞信息

Microsoft IE URL History FTP Credential Disclosure

- 漏洞描述

Unknown or Incomplete

- 时间线

1999-03-31 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete