[prev in list] [next in list] [prev in thread] [next in thread]
List: konq-bugs
Subject: Bug#43305: security: www-site password is transferred to validator.w3.org for html-code check functi
From: xsov () mail ! ru
Date: 2002-05-31 12:15:11
[Download RAW message or body]
Package: konqueror
Version: KDE 3.0.0
Severity: wishlist
Installed from: Slackware Packages
Compiler: GCC 2.95.3
OS: Linux
OS/Compiler notes: Linux Slackware 8.0 (GCC from Slackware)
1. We have www-site with password.
2. We use link like http://USER:PASSWD@SITE.DOM
3. It is Ok that PASSWD disappears in address bar when going to this link.
4. It is security hole when PASSWD is transferred to validator.w3.org without \
notification, when I use HTML-code check function from menu.
Seriously, dumb user can use this function and password for intranet-corporate \
confidencial www-system will transfer over all internet to validator.w3.org.
I think same hole is with CSS-code check.
(Submitted via bugs.kde.org)
(Complete bug history is available at http://bugs.kde.org/db/43/43305.html)
_______________________________________________
Konq-bugs mailing list
Konq-bugs@mail.kde.org
http://mail.kde.org/mailman/listinfo/konq-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic