To: BugTraq
Subject: Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS
Date: Dec 30 2002 9:47PM
Author: Ben Laurie <[email protected]>
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>


[email protected] wrote:
> Sunday, December 29, 2002
>
> There is a small silly hitch with CITIBANK CANADA's secured sign in
> to online banking:
>
> https://citibankcanada.ebilling.com/index.jhtml
>
> Specifically AUTOCOMPLETE="off" in the forms. It is not set.
>
> While much explanation is made about SSL connections and fancy
> digital certificates, the simplest of web programming errors
> Thwarte ! all that:
>
> CITIBANK CANADA's login allows for the Microsoft Internet Explorer
> autocomplete feature to function. What that does is remember your
> name and password. So on a public or even private machine, all one
> needs to do is, double click the "name" form and the password will
> automicrosoftly autocomplete [fill in].

This is, of course, a fault in IE, not Citibank.

Cheers,

Ben.
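The condition the quoted report describes (a password field with no AUTOCOMPLETE="off" on it or on its form) can be checked from a page's HTML. The following is an added example, not part of either message; the sample markup is constructed, the names `AutocompleteAudit` and `audit` are hypothetical, and it assumes a field-level attribute takes precedence over the form-level one.

```python
from html.parser import HTMLParser

# Constructed sample markup (not the bank's actual page).
SAMPLE_UNSET = """<form action="/login" method="post">
  <input type="text" name="name">
  <input type="password" name="password">
</form>"""
SAMPLE_SET = SAMPLE_UNSET.replace("<form ", '<form AUTOCOMPLETE="off" ', 1)

def _norm(attrs, key):
    """Lower-cased attribute value, or None when the attribute is absent."""
    value = attrs.get(key)
    return value.strip().lower() if value is not None else None

class AutocompleteAudit(HTMLParser):
    """Collect password inputs whose autocomplete is not switched off."""

    def __init__(self):
        super().__init__()
        self.form_off = False    # enclosing <form> has autocomplete="off"?
        self.form_action = None  # None while outside any <form>
        self.findings = []       # (form action, input name) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser already lower-cases attribute names
        if tag == "form":
            self.form_off = _norm(a, "autocomplete") == "off"
            self.form_action = a.get("action", "")
        elif tag == "input" and _norm(a, "type") == "password":
            # Assumption: a field-level attribute overrides the form-level one.
            setting = _norm(a, "autocomplete")
            off = self.form_off if setting is None else setting == "off"
            if not off:
                self.findings.append((self.form_action, a.get("name", "")))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off, self.form_action = False, None

def audit(html):
    """Return the password fields in `html` that a browser may autocomplete."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print("unset:", audit(SAMPLE_UNSET))
    print("set:  ", audit(SAMPLE_SET))
```

Current browsers' password managers may ignore autocomplete="off" on login fields, so a clean result from this check describes the markup, not what a given browser will store.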


I just read this bugtraq... and my question is... is this one of the vulnerabilities... of IE? If so... that could be dangerous... I suppose.
I can't go to the link... today... but two days ago still on