Steps to reproduce
Vulnerability Test Case
For example i have here an image that can be used on any site - It will ask you for authentication when the image try to load.
The image is generated by a server side PHP script and can therefore grab and save your credentials to a database or whatever.
Don’t panic, this image is for demonstration only and does not log any credentials, i’m a white hat.
<img src="http://bfldev.com/auth-pishing.jpg" alt=""/>
A external demonstration page where you see it in action
Never ask for auth windows in embedded images or other embedded stuff.
Dev Channel specific:
Comments and activity
- Microsoft Edge Team
Changed Assigned To to “Tony S.”
Changed Assigned To from “Tony S.” to “John H.”
Changed Assigned To from “John H.” to “IE F.”
Changed Status to “Won’t fix”