Greetings, We've come across an annoying bug that appears to be in Internet Explorer 8 & 9 on Windows 7. If a user accesses a web site that uses basic auth and they copy their login and or password into the Windows Security dialog, then paste the value using their right mouse button, the authentication fails.
Checking the headers reveals that, depending on what was pasted (either login or password), the basic auth header is either missing, incomplete or corrupted. Interestingly if Ctl-V is used for the paste then everything's fine. I can find very little information about this online. Although there is a discussion at http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/80f59d82-84ca-4d87-93d4-dacc61f46a3f/ there's no indication that this has been acknowledged as a bug by Microsoft or that they're doing anything about it. Has anyone stumbled across this or knows more from a Microsoft perspective? I've also had a report from one user that this is also a problem when using Windows Explorer to access a protected share but I've yet to confirm this for myself. -- Regards, noonie P.S. As to why would a user would copy and past their password... probably because we force them to use complex un-rememberable passwords :-(
