VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 25, 1999· Updated Apr 16, 2026

CVE-1999-1235

CVE-1999-1235

Description

Internet Explorer 5.0 stores FTP credentials in history files, exposing them to local users and shoulder surfers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Internet Explorer 5.0 stores FTP credentials in history files, exposing them to local users and shoulder surfers.

Vulnerability

Internet Explorer 5.0 for Windows 2000 and Windows NT 4 stores FTP usernames and passwords in cleartext within history files, specifically index.dat located under user profile directories. These files are accessible to any user on the host due to default Everyone:Full Control permissions, bypassing traverse checking [1].

Exploitation

A local user can exploit this vulnerability by accessing another user's index.dat file. By referencing the absolute filename of the target user's history file, an attacker can read the stored FTP credentials. Additionally, an attacker observing the screen can read credentials displayed in the status bar when a user hovers over a link [1].

Impact

Successful exploitation allows a local user to obtain FTP usernames and passwords stored by other users on the same system. This can lead to unauthorized access to FTP servers and potential compromise of data stored on those servers.

Mitigation

No specific patch information is available in the provided references. Users should be cautious about entering credentials into Internet Explorer and consider alternative methods for FTP access. The vulnerability affects Internet Explorer 5.0 [1].

References
  1. Microsoft Internet Explorer 5 - FTP Password Storage

AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Microsoft/Internet Explorer2 versions
    cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
    • (no CPE)range: = 5.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.