Re: Insecure WWW Access Authorization Protocol?
Tony Sanders ([email protected])
Wed, 9 Mar 1994 21:11:22 --100
michael shiplett <[email protected]> writes:
> 2) Mallet intercepts the request and sends to Alice:
> 401 Unauthorized
> Authenticate: KerberosV4 "[email protected]"
> This is the critical step, because Mallet is able to control to
> which service Alice should authenticate herself.
Would someone please explain to me why a user would enter a password
at a prompt that read: "[email protected]" (or anything
thing else they didn't recoginze?
Wouldn't they have to have a password for that realm and don't you
think they might think "gee, I don't have a password for that
realm".
What's missing from this picture?
--sanders