FTP flaw discovered in IE6

By Justin Mann on
Recently, a flaw that is eerily similar to one that was quashed many ages ago has been discovered in IE6 and IE5. This particular flaw only relates to the integrated FTP functionality of the browser, but could lead to a session hijack with nothing more than an username. Given that most FTP transactions are done unencrypted, this is less difficult to get than one might think. For all those who stay updated, IE7's FTP functionality is not vulnerable to this flaw.

For all the flak Microsoft took in forcing Windows users to upgrade to IE7 (ok, maybe not completely forced), a lot of it had to do with them wanting to move on to better platforms. IE6, for its age, had become quite long in the tooth. Yet, even today, it is still a common browser and as such its users are still at risk when new flaws are discovered. Somehow I imagine this will not be high on Microsoft's “to patch” list.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.