[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 233
  • Last Modified:

Strange password pop up dialog box. 500pts

One of the users that I support at my company called me down to their desk saying that each time they went to a certain webpage they would receive a pop up box asking for username and password. I figured that there account might have been locked out and that what was triggering the username/password/domain box. I looked in AD and saw that his account was not locked out, so I went down to take a look at the computer.

The password box apparently only pops up on certain webpages the one for this call being ESPN.com. The pasword box was definitely not one that I have ever seen before. It looked like a unix password box. Im assuming that it may be something connected to the version of the Java runtime environment they have installed on the computer.

I have a screenshot of the box that I took is there a way to post it up for you guys.
0
mpatrick65
Asked:
mpatrick65
  • 3
  • 3
1 Solution
 
mpatrick65Author Commented:
The password box is like the one shown here

http://www.cisco.com/univercd/illus/1/42/113942.jpg
0
 
mikeleebrlaCommented:
is the IP address on the password box an IP of one of your routers/firewalls or is it another IP that you dont own/manage??
0
 
mpatrick65Author Commented:
The box has the fields set as

Firewall : "Unknown Site"
Realm :
Scheme: "NTLM"
Username:
Password:

As far as I know we do not use anything similar to this in our organization.
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 
mikeleebrlaCommented:
well from what i can tell one of 3 things is going on:

1.  "pharming" (which is an advanced form of phishing) has taken over your DNS and redirected www.espn.com (and other sites im sure) to redirect them to this site in an attempt to steal usernames/passwords.  I doubt this is the case since this login screen looks nothing like anything youd see on espn.com

2.  there is in fact a device on your network that is blocking www.espn.com.  The only thing odd about this is that most of the time if you have  a device blocking certain internet sites it will say "you are not authorized to view this page" instead of taking you straight to a login screen like this.

3.  is this happening on just one machine?  if so it is more than likely a form of spyware that has redirected www.espn.com to this site.
0
 
mpatrick65Author Commented:
Update: Following my hunch based on the actual look of the password box that was appearing I tracked down the version of the Java runtime environment they had installed, it ended up being a much older version than the currently available version. I uninstalled and reinstalled the Java Environment and restarted the computer and had the user again attempt to access the page. This seemed to correct the problem as the password box is no longer popping up upon entering the page. As a side effect to replacing the Java Environment the user was able to print the ESPN.com webpage which he previously was unable to do. Apparently each time he went to print that page it would lock his IE up while other pages would print fine. I think I am going to call this problem solved.
0
 
mikeleebrlaCommented:
glad you got it working.. you can request that your points be refunded in the support section
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now