A new unicode bug in IIS has been discovered which allows an attacker access to resources behind password protected sites. This issue only seems to affect IIS 6 (5 and 7 seem immune) and no fix has been issued at this time.

**Hidden Content: Check the thread to see hidden data.**