Zone auto user authentication

Risk Level: Low

Check or Attack Name: Zone auto authenticate

Platforms: Windows NT, Internet Explorer

Description:

The security zone settings allow the web browser to automatically transmit the user's credentials when requested from an HTML page in the selected URL security zone. A potentially malicious web site may automatically obtain the user's credentials without the user's knowledge.

Remedy:

Follow the steps for your version of Internet Explorer:

For Internet Explorer 4.x:

  1. Open Internet Explorer 4.x.
  2. From the View menu, select Internet Options.
  3. Click the Security tab.
  4. Select the appropriate Zone.
  5. Click Custom (for expert users).
  6. Click Settings.
  7. Select Prompt for user name and password as the logon setting. Do not use Automatic logon with current username and password.
  8. Click OK twice to apply the changes.

For Internet Explorer 5.x:

  1. Open Internet Explorer 5.x.
  2. From the Tools menu, select Internet Options.
  3. Click the Security tab.
  4. Select the appropriate Zone.
  5. Click Custom Level.
  6. In the User Authentication, Logon area, select Prompt for user name and password. Do not use Automatic logon with current username and password.
  7. Click OK twice to apply the changes.
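
To confirm the result of either procedure on many accounts without opening the dialog, the per-zone logon setting can be read from a registry export. The following is an added example, not part of the original advisory. It assumes the setting is stored as value 1A00 under the Internet Settings\Zones\<n> keys, with the values Microsoft documents for Internet Explorer security zones (none of which appear on this page), and it runs on a constructed sample export.

```python
import re

# Zone numbers and 1A00 (logon) policy values as documented by Microsoft for
# Internet Explorer security zones; assumptions not stated on the original page.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
LOGON_POLICY = {
    0x00000000: "Automatic logon with current username and password",
    0x00010000: "Prompt for user name and password",
    0x00020000: "Automatic logon only in Intranet zone",
    0x00030000: "Anonymous logon",
}
AUTO_LOGON = 0x00000000  # the setting the advisory says not to use

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
VAL_RE = re.compile(r'^"1A00"=dword:([0-9a-f]{8})$', re.I)

def audit_zone_logon(reg_text):
    """Return {zone_number: (policy_text, flagged)} parsed from a .reg export."""
    results, zone = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new key header: track the zone, or reset if it is another key.
            m = KEY_RE.match(line)
            zone = int(m.group(1)) if m else None
            continue
        m = VAL_RE.match(line)
        if m and zone is not None:
            value = int(m.group(1), 16)
            policy = LOGON_POLICY.get(value, "Unknown value 0x%08x" % value)
            results[zone] = (policy, value == AUTO_LOGON)
    return results

# Constructed sample export (not taken from a real host).
SAMPLE_REG = r'''
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1A00"=dword:00020000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1A00"=dword:00000000
'''

if __name__ == "__main__":
    for zone, (policy, flagged) in sorted(audit_zone_logon(SAMPLE_REG).items()):
        print("FLAG" if flagged else "ok  ", ZONES.get(zone, "Zone %d" % zone), "-", policy)
```

A flagged zone is one where the browser sends the current user's credentials without prompting, which is the condition this check reports.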
