Internet Explorer non-secure form submission warning is disabled

Risk Level: Low

Check or Attack Name: IE non-secure submission

Platforms: Windows 95, Windows NT: 4.0

Description:

The web browser issues no warning when it submits non-encrypted form data to the HTML page making the data request. Without the warning, the user may be unable to distinguish between submitting encrypted and non-encrypted form data, and potentially sensitive data sent unencrypted may be intercepted by packet sniffing.

Remedy:

Depending on your version, select one of the following choices in Internet Explorer:

  • In Internet Explorer 2.x, from the Options dialog box, go to Security and disable Low: Do Not Warn Before Sending.

    1. Open Internet Explorer 2.x.
    2. From the View menu, select Options.
    3. Click the Security tab.
    4. Locate the security feature and set it to the recommended value.
    5. Click OK to apply the changes.

  • In Internet Explorer 3.x, from the Options dialog box, go to Advanced and enable Warn Before Sending Over an Open Connection.

    1. Open Internet Explorer 3.x.
    2. From the View menu, select Options.
    3. Click the Advanced tab.
    4. Locate the feature and set it to the recommended value.
    5. Click OK to apply the changes.

  • In Internet Explorer 5.x, from the Internet Options dialog box, go to Security and disable the appropriate settings under Miscellaneous.

    1. Open Internet Explorer 5.x.
    2. From the Tools menu, select Internet Options.
    3. Click the Security tab, and then click Custom Level.
    4. From the Miscellaneous folder, locate Submit nonencrypted form data and set it to the recommended value.
    5. Click OK to apply the changes.