| VID |
28601 |
| Severity |
20 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A user was found to have the Internet Explorer "Warn if changing between secure and not secure mode" option turned off. This option, found under the Internet Explorer Security options, controls whether the browser warns users when they are connected to a secure (SSL) page and follow a link to a non-secure page. If this setting is enabled, the user can distinguish between viewing trusted and non-trusted content. By enabling the appropriate settings, you can prevent the attacker from launching further attacks using Internet Explorer.
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: http://www.national.com.au/Internet_Banking/0,,13913,00.html#1
* Platforms Affected: Microsoft Internet Explorer Any version |
| Recommendation |
Set the Internet Explorer Option to the appropriate value by using the following steps:
For Internet Explorer 4:
1. Open Internet Explorer.
2. From the View menu, select Internet Options.
3. Click the "Advanced" tab and scroll down to the "Security" section.
4. Check the box "Warn if changing between secure and not secure mode".
For Internet Explorer 5 - 10:
1. Open Internet Explorer.
2. From the Tools menu, select Internet Options.
3. Click the "Advanced" tab and scroll down to the "Security" section.
4. Check the box "Warn if changing between secure and not secure mode". |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
362 (ISS) |
|