Security Update 832894 causing 'this page cannot be displayed'

[Dan]

I have a website where I need to pass the username and password
through the URL to authenticate. The latest security update considers
this a security hole that can be exploited. So, basically, I'm no
longer able to use username[email protected] to authenticate. I
would think that there is a workaround to this, considering how often
I see this used. Does anybody have any suggestions?

 

[Martin]

Try the following:

Windows Registry Editor Version 5.00
Locate the following keys in the registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWOR
D_DISABLE]

and create or modify the values to the following:

"explorer.exe"=dword:00000000
"iexplore.exe"=dword:00000000

Make sure that you export any existing keys that you change before making
this change, or at least ensure you can roll back either by a Restore point
or a SCANREG/RESTORE.

Hope this helps,
Martin

 

[Dan]

Is this a client side or server side fix. In other words, if I do
this on the server that hosts the site, will everybody's browser work
with the site again? If so, this would be tremendously helpful.

Try the following:

Windows Registry Editor Version 5.00
Locate the following keys in the registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWOR
D_DISABLE]

and create or modify the values to the following:

"explorer.exe"=dword:00000000
"iexplore.exe"=dword:00000000

Make sure that you export any existing keys that you change before making
this change, or at least ensure you can roll back either by a Restore point
or a SCANREG/RESTORE.

Hope this helps,
Martin

I have a website where I need to pass the username and password
through the URL to authenticate. The latest security update considers
this a security hole that can be exploited. So, basically, I'm no
longer able to use username[email protected] to authenticate. I
would think that there is a workaround to this, considering how often
I see this used. Does anybody have any suggestions?

 

[Robert Aldwinckle]

Is this a client side or server side fix.

Here's the whole article that includes Martin's information:

<TITLE>834489 - A security update is available that modifies the default behavior of Internet Explorer for handling user information
in HTTP and in HTTPS URLs</TITLE>
< http://support.microsoft.com/?kbid=834489 >


Look under the heading (near the bottom):

<H3>How to disable the new default behavior for handling user information in HTTP or HTTPS URLs</H3>


Another of the headings in that article is:

<H3>Workarounds for application and Web site developers</H3>

Those seems to be entirely different options but I think they could be
closer to a server side solution if you can make use of them.


Good luck

Robert Aldwinckle
---

Is this a client side or server side fix. In other words, if I do
this on the server that hosts the site, will everybody's browser work
with the site again? If so, this would be tremendously helpful.

Try the following:

Windows Registry Editor Version 5.00
Locate the following keys in the registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWOR
D_DISABLE]

and create or modify the values to the following:

"explorer.exe"=dword:00000000
"iexplore.exe"=dword:00000000

Make sure that you export any existing keys that you change before making
this change, or at least ensure you can roll back either by a Restore point
or a SCANREG/RESTORE.

Hope this helps,
Martin

I have a website where I need to pass the username and password
through the URL to authenticate. The latest security update considers
this a security hole that can be exploited. So, basically, I'm no
longer able to use username[email protected] to authenticate. I
would think that there is a workaround to this, considering how often
I see this used. Does anybody have any suggestions?

 

[Bert Hyman]

In "Martin"

Try the following:

Fascinating. I've seen several posts offering various registry patches to
fix this problem and I don't have the referenced registry keys present on
my machine, even though I've installed the update and have the problem that
the patch is supposed to fix.

I just did a search of my registry for the string "FEATURE_" and didn't
find "FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" anywhere.

I'm running XP Pro.

 

[Wes]

Bert:

I had to add the FeatureControl and
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE keys to my registry and then
add the DWORD value ("iexplore.exe" = 0) to the
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE key.

Wes

 

[Bert Hyman]

(e-mail address removed) (Wes) wrote in

Bert:

I had to add the FeatureControl and
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE keys to my registry and then
add the DWORD value ("iexplore.exe" = 0) to the
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE key.

Thanks; that's better.

From the wording of the first message, I was expecting those keys to
be there already.

 

[Highrock]

(e-mail address removed) (Wes) wrote in


Thanks; that's better.

From the wording of the first message, I was expecting those keys to
be there already.

I am also running xp pro and this registry fix does not work for me
And to top it off, I cannot un install 832894 using the add/remove in
the control panel.
Any ideas anyone?
Thanks
Neil

 

[Highrock]

I am also running xp pro and this registry fix does not work for me
And to top it off, I cannot un install 832894 using the add/remove in
the control panel.
Any ideas anyone?
Thanks
Neil

I have found a solution that removed the patch in another news group.
From Run in the Start menu, run the following::-

%windir%\ieuninst %windir%\inf\q832894.inf

My path was..... c:\windows\ieuninst c:\windows\inf\q832894.inf

Cheers
Neil