M$ IE implementation of MD5 Digest - VMS


  1. M$ IE implementation of MD5 Digest

    I have a VMS app that I have incorporated with MD5 Digest Authentication.

    It works like a champ on virtually every MODERN web browser I have tested
    save for M$IE. V5, V6 and V7 all fail. I've been googling for details as I
    did find that there's an issue with M$IE and a query string when there is
    MD5 Digest involved.

    Since there is such a knowledgeable base here with M$IE as well as network
    security, I was wondering if anybody knows what it is that M$IE does wrong
    in its implementation of MD5 Digest. I've found pointers to discussion of
    Apache having a "hack" parameter to make MD5 function with M$IE but I
    cannot seem to find any details about what it is that is passed between M$IE
    and server that is problematic and/or how to hack around it. The M$ site
    database has been pretty useless in my searches too.

    Any pointers welcome... and, hopefully for all, a Happy New Year.

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  2. Re: M$ IE implementation of MD5 Digest

    In article , VAXman- @SendSpamHere.ORG writes:
    >
    >
    >I have a VMS app that I have incorporated with MD5 Digest Authentication.
    >
    >It works like a champ on virtually every MODERN web browser I have tested
    >save for M$IE. V5, V6 and V7 all fail. I've been googling for details as I
    >did find that there's an issue with M$IE and a query string when there is
    >MD5 Digest involved.
    >
    >Since there is such a knowledgeable base here with M$IE as well as network
    >security, I was wondering if anybody knows what it is that M$IE does wrong
    >in its implementation of MD5 Digest. I've found pointers to discussion of
    >Apache having a "hack" parameter to make MD5 function with M$IE but I
    >cannot seem to find any details about what it is that is passed between M$IE
    >and server that is problematic and/or how to hack around it. The M$ site
    >database has been pretty useless in my searches too.
    >
    >Any pointers welcome... and, hopefully for all, a Happy New Year.


    Never mind.

    After googling all weekend and into the New Year, I finally figured it out.
    I finally found a site that also used MD5 Digest Authentication and wrote a
    bit of code to watch the HTTP header data to and fro. I also found mention
    of a "hack" in Apache to fix a problem with M$IE MD5 Digest Authentication.
    Of course, there was little detail on the actual problem(s), just mention of
    an Apache config parameter to enable the hack. Needless to say, Micro$haft
    did their very best to NOT implement RFC2617 correctly.

    Happy New Year!

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html
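
Added example, not part of the thread and not the poster's or Apache's code: an RFC 2617 digest check showing why a client that leaves the query string out of its digest `uri` fails a strict server, and what a compatibility switch has to relax. That this is the mismatch the thread refers to is an assumption (the posts give no detail); the credentials are the RFC 2617 sample values, and the request path, `check_request`, `client_auth` and `allow_query_strip` are hypothetical names.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    nc=None, cnonce=None, qop=None):
    """RFC 2617 request-digest for algorithm=MD5, qop absent or 'auth'."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def check_request(request_uri, method, auth, password, allow_query_strip=False):
    """Verify parsed Authorization fields against the Request-URI actually received."""
    uri = auth["uri"]
    if uri == request_uri:
        verdict = "ok"
    elif allow_query_strip and "?" in request_uri and uri == request_uri.split("?", 1)[0]:
        # Compatibility path: the digest then covers only the path, so the
        # query string is unauthenticated. Enable per User-Agent, not globally.
        verdict = "ok-query-stripped"
    else:
        return "uri-mismatch"
    expected = digest_response(auth["username"], auth["realm"], password, method,
                               uri, auth["nonce"], auth.get("nc"),
                               auth.get("cnonce"), auth.get("qop"))
    return verdict if hmac.compare_digest(expected, auth["response"]) else "bad-response"

# Constructed sample: RFC 2617 example credentials, hypothetical request path.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, REQUEST_URI = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "/app/report?id=42"

def client_auth(uri_sent):
    """Fields a client would send if it computed its digest over uri_sent."""
    fields = {"username": USER, "realm": REALM, "nonce": NONCE, "uri": uri_sent,
              "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b"}
    fields["response"] = digest_response(USER, REALM, PASSWORD, "GET", uri_sent,
                                         NONCE, fields["nc"], fields["cnonce"], "auth")
    return fields

if __name__ == "__main__":
    for label, sent in (("compliant", REQUEST_URI), ("query dropped", "/app/report")):
        auth = client_auth(sent)
        print(label, check_request(REQUEST_URI, "GET", auth, PASSWORD),
              check_request(REQUEST_URI, "GET", auth, PASSWORD, allow_query_strip=True))
```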
