Browser credential challenges default to using domain credentials
When attempting to access FTP sites, web sites, etc. that require credentials, Internet Explorer (any version) will prompt you for credentials by way of a small browser initiated pop-up window that asks for a username and password (and will use NTLM based authentication). Prior to Windows 7, this pop-up window defaulted to using credentials for the site requested. I find that for our domain joined PC using Windows 7 (and IE8 for reference) are experiencing tremendous difficulty authenticating to FTP and web sites due to the fact that IE8 is defaulting to using credentials that are within the domain the computer is joined to. Here is what is happening: The credential prompt has two fields (username and password). A label exists under the password field that states "Domain: <my domain>". Prior to Windows 7, this was not the case. The result? Whatever credentials the user inputs for the FTP/web site, the browser will treat them as if they are credentials with the domain <my domain>. Technically, there is a workaround, that being to precede the credential "username" by another domain or IP Address, but c'mon. That shouldn't be necessary. I cannot seem to figure out why Windows 7 is doing this (I don't think it's the browser). I believe it may have to do with the CryptoAPI that the browser calls. In the end, we cannot access many sites because our credentials simply won't work. Thoughts?
April 26th, 2010 7:17pm

Don't have an answer, but I start to wonder if this is a potential exploit. Malicious site contains a javascript link to an FTP server. IE helpfully supplies a DOMAIN logon and password. With this info, malicious site now attempts a crack on the LAN the computer is connected-to. Would obviously need extensive testing to see if the exploit is feasible but hey, no browser should be releasing LAN-logon info to outside services.
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2010 7:28am

Thanks for the thougths Anteaus. It's as if IE is now defaulting to assuming that credentials within the local domain should be used. The prompt for credentials is blank, so the end user has to input some credentials. The prompt indicates however, that whatever credentials are entered, IE will assume that are credentials within the locally logged on domain. I'm going to see what happens if I logon to the computer with a local account.
April 27th, 2010 4:43pm

Even when logging on with a local user account, IE is defaulting to using credentials in the domain the computer is joined to. Interesting, if the computer is not part of a domain, the computer will prompt to using credentials that are part of the local computer
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2010 7:11pm

Have you found a solution yet? We're running into the same issue.
July 9th, 2010 5:24pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics