MS Security Bulletin MS04-004 Broke my script

  • Thread starter Thread starter Steven Burnett
  • Start date Start date
S

Steven Burnett

I have been happily making mods to my Broadband router
using Task Manager and opening IE with the following URL:
http://-:[email protected]/Gozila.cgi?
PasswdModify=0&filter_ipA3_start=0&filter_ipA3_end=0&filter
_ipB3_start=0&filter_ipB3_end=0

As the router has no username (nor a way to set one), I
found the - worked for null. Now that I applied the
latest security patch that command causes a 404Error Page
Can not open.

Is there a new way to pass a null username in a URL?
 
I have been happily making mods to my Broadband router
using Task Manager and opening IE with the following URL:
http://-:[email protected]/Gozila.cgi?
PasswdModify=0&filter_ipA3_start=0&filter_ipA3_end=0&filter
_ipB3_start=0&filter_ipB3_end=0

As the router has no username (nor a way to set one), I
found the - worked for null. Now that I applied the
latest security patch that command causes a 404Error Page
Can not open.

Is there a new way to pass a null username in a URL?
Click to expand...

I'm not sure but this excerpt from the "Technical Details" section of
the security bulletin on Technet looks like it might explain what is
happening to you. Here is the link to the security bulletin:

http://www.microsoft.com/technet/security/bulletin/ms04-004.asp

< quote >
This Internet Explorer cumulative update also includes a change to the
functionality of a Basic Authentication feature in Internet Explorer.
The update removes support for handling user names and passwords in HTTP
and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft
Internet Explorer. The following URL syntax is no longer supported in
Internet Explorer or Windows Explorer after you install this software
update:

http(s)://username:password@server/resource.ext

For more information about this change, please see Microsoft Knowledge
Base article 834489.
< unquote >

Nevans
 
Nancy,
Thank you so much. Dont I feel like an idiot for not
taking the time to read the ENTIRE bulletin! The
instructions to defeat the behavior is right in the
article :)
 
Back
Top