HTTP authentication fails in Windows 7 with IE8 if login details are pasted in using the mouse. RRS feed

  • General discussion

  • I hope this is the correct place to report this issue and I know it sounds strange but I believe that I have found a very real bug in the Windows 7 IE8 HTTP authentication dialogue (Windows Security Login window).

    As a web developer I first noticed this on my new Windows 7 machine when trying to log in to some of my cPanel website control panels. Basically the Windows Security HTTP login box would appear and I would enter the correct username and password before clicking OK. The credentials would be refused and a legacy cPanel box would appear which would then accept my credentials.

    Let me say right away that this did not only happen on cPanel managed websites. It would also happen on any site or page which required an HTTP login. Let me also say that I checked the problem out on a completely different computer (also running Win7 with IE8) and the behaviour was exactly the same.

    After much searching around I came across a forum article (http://www.compuhelpforum.com/forums/showthread.php?t=25166) in which the author had the same problem and had discovered something rather unusual about it. Namely that the login failure only occurred if the credentials were pasted into the Windows Security HTTP login box using a mouse (i.e. right click and select "paste"). In the article the writer said that typing the username and password or even pasting in using Ctrl-V rather than the mouse resulted in the login details being accepted.

    Curious about this I applied this workaround to my HTTP logins and was astonished to find that it worked. I then carried out several variations of the process, the results of which you can see here:

    If I type in both username and password, authentication works
    If I type in either the username or password but copy/paste the other item in with the mouse, authentication fails
    If I copy either or both items with the mouse but paste in using Ctrl-V authentication works
    If I copy either or both items with the mouse but use Shift-Insert to paste, authentication fails

    Using the mouse to select either box and/or click OK does not alter any of the above.

    Same behaviour on multiple Win7 with IE8 machines. No such problem with other browsers or other Windows versions.

    I don't begin to understand why this occurs but I feel sure that this is a bug. Hopefully someone from Microsoft will see this and investigate. It is very easy to replicate assuming you have login credentials for a website which uses HTTP authentication. Simply try first by pasting in the credentials using a mouse and then by using one of the successful methods above.

    • Changed type Miya Yao Monday, March 14, 2011 7:58 AM
    Thursday, March 10, 2011 12:48 PM

All replies

  • Ok just to demonstrate this more clearly, I have set up a password protected directory on one of my websites. Rest assured it only contains a confirmation page for when you have logged in sucessfully.

    Those of you who have a win7 setup using IE8 as your browser can test out the issue detailed above by going to: http://www.rnginternet.co.uk/logintest/ The Windows Security login dialogue will appear and you should first test the failed login scenario by pasting in the following details using your mouse to copy and paste:

    Username: logmein
    Password: pass123

    Then click OK

    You should find that the login dilaogue returns which signifies the failed login.

    Now try again but this time either type in both sets of login details or paste in using Ctrl-V to paste rather than the mouse (you can still use the mouse to copy). You should now find that your login details are accepted.

    To repeat the test you will need to close the browser completely and then renavigate to the URL after reopening.

    Hopefully this will help to illustrate this bug.


    Thursday, March 10, 2011 1:23 PM
  • Hi,

    Thanks for the post!

    You can submit the feedback to our Product Feedback Team: http://mymfe.microsoft.com/windows%20%207/feedback.aspx?formID=195.

    I will also report this to product team and give you update as soon as I get any information.



    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, March 14, 2011 7:58 AM
  • I can confirm that this bug happens on our system as well. It seems that when we copy/paste the username, the Domain is not selected correctly. However, it depends on the system (one system it works, other system, when logging in with a name of the form "xxx@domain.ex", the domain remains "DEMO" and we couldn't change it).

    Monday, March 14, 2011 3:06 PM
  • I can confim we are experiencing the same problem as Robolovsky. Our company utilizes a program called GlobalSCAPE Secure Ad Hoc Transfer system. We are on Windows 7 Ent/IE8. This was never a problem when we were on XP SP2 and IE8

    When you send the credentials in an email, the recipient can Copy/Paste with the mouse on the Username into the Windows Security login dialogue successfully, but if you try to Copy/Paste with the mouse on the password, login will fail, followed by the emptying of the username and password fields. I tried this in Firefox 4.0 and Copy/Paste with the mouse works correctly and logs the recipient in to the secure site.

    If I type in both the username and password, login is successful. Also, hilighting and using Control-C and Control-V to input the credentials in the login dialogue are successful. There seems to be some glitch or bug with how IE8 handles the right-click/paste function with passwords. If you right-click/paste the password into Notepad, it pastes correctly (including case sensitivity).

    I look forward to a resolution with this.

    Monday, March 28, 2011 9:05 PM
  • Thanks Miya Yao. Has there been any response?

    Good to hear from Abel Braaksma and pviacruc that they have experienced this same problem.

    Let's hope for a solution soon.

    Wednesday, April 6, 2011 7:40 PM
  • We are experiencing this same issue, the website we are accessing is internal and the authentication type is basic, and unencrypted. using the right-click context menu to copy/paste the UID, or PW causes a fail. Using CTRL-V or manually typing in credentials results in success.




    Friday, August 12, 2011 4:43 PM
  • I am also seeing this same problem on Windows Server 2008 R2 and IE 8.
    Pro LINQ: Language Integrated Query in C# 2008 - http://www.linqdev.com - http://www.netsplore.com
    Wednesday, September 14, 2011 10:42 PM
  • I have just experienced this problem. Suffice to say I was surprised there was a forum on this and that it goes back some time.

    Win7 +IE8.

    I've not seen any fix listed by MS yet. Does any one know if this is resolved??

    Tuesday, November 29, 2011 2:05 PM
  • I am seeing the same problem with MS Internet Explorer 9.0.8112 under Windows 7 Pro Version 6.1 build 7601: Service Pack 1).

    Other than chatting with each other here, is there an established way to formally report this bug to Microsoft?  Has anybody done it?

    Thursday, August 9, 2012 4:31 AM
  • I have similar issue but with Server 2003 and Windows XP sp3 and authentication window just keeps bouncing back with both the  user id and pwd filled.

    Could this be in any way related?

    Please check out my issue for more detail



    Sunday, January 13, 2013 11:39 PM