Details
- Bug
- Resolution: Out of scope
- P2: Important
- 4.7.2
- None
- Platform: Symbian Sr1.11, wk 14_6
Description
Launch the browser and load http://63.70.3.60/browser/users/basic/index.html
Enter a valid user name & password (basic/cisab)
Target page loads
Load http://63.70.3.60/browser/users/digest/index.html
Target page loads without prompt, even though it has to prompt you for the following credentials (digest/tsegid).
If this test is run using any other browser, the second page will not load unless a valid user name & password is entered.
__
Based on email conversation:
Been looking at http://bsetpl02.americas.nokia.com/browse/BR-6863 for some time.
Tester was just playing with old test cases, which exposed a possible security issue.
First we load the Basic Auth case and log in successfully with basic/cisab; then, what we think, we load the digest case, but it does not prompt us to supply credentials, it just logs us in.
I traced it via Ethereal, and saw that the server is actually misconfigured and is using NTLM authentication in the background (in the digest case). We can claim it as a use case issue... but why is it not a security hole, as NTLM is not prompting the user for new credentials? I understand that we cache them in QT Networking, but the URL is different, the authentication method is different, so why is the user not prompted?
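
The question raised in the email comes down to what a credential cache is keyed on. The following is an added example, not code from the ticket or from Qt Networking: it contrasts a cache keyed on the server alone with one keyed on server, authentication scheme and realm. All type names, the origin, the realm and the credentials are constructed for illustration, and the idea that the silent login results from an over-broad cache key is an assumption the ticket does not confirm.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <tuple>

// Hypothetical types for illustration; this is not Qt Networking's API.
struct Challenge {
    std::string origin;  // scheme://host:port of the server that sent the 401
    std::string scheme;  // authentication scheme: "Basic", "Digest", "NTLM", ...
    std::string realm;   // realm parameter; empty when the challenge carries none
};
struct Credentials { std::string user, password; };

// Weak: keyed on origin only, so any later challenge from the same server
// is answered silently with whatever the user entered first.
class OriginKeyedCache {
public:
    void store(const Challenge& c, const Credentials& cr) { cache_[c.origin] = cr; }
    const Credentials* lookup(const Challenge& c) const {
        auto it = cache_.find(c.origin);
        return it == cache_.end() ? nullptr : &it->second;
    }
private:
    std::map<std::string, Credentials> cache_;
};

// Scoped: keyed on (origin, scheme, realm). A challenge with a different
// scheme or realm misses the cache, so the caller has to prompt.
class ScopedCache {
public:
    void store(const Challenge& c, const Credentials& cr) { cache_[key(c)] = cr; }
    const Credentials* lookup(const Challenge& c) const {
        auto it = cache_.find(key(c));
        return it == cache_.end() ? nullptr : &it->second;
    }
private:
    using Key = std::tuple<std::string, std::string, std::string>;
    static Key key(const Challenge& c) { return Key{c.origin, c.scheme, c.realm}; }
    std::map<Key, Credentials> cache_;
};

// Constructed scenario: log in to a Basic area, then receive an NTLM
// challenge from the same server. Returns true if the user would be prompted.
template <class Cache>
bool promptsForSecondChallenge() {
    Cache cache;
    cache.store(Challenge{"http://server.example:80", "Basic", "area-one"},
                Credentials{"user1", "secret1"});
    Challenge second{"http://server.example:80", "NTLM", ""};
    return cache.lookup(second) == nullptr;  // nullptr: nothing cached, ask the user
}

int main() {
    std::cout << "origin-keyed prompts: " << promptsForSecondChallenge<OriginKeyedCache>()
              << "\nscoped prompts: " << promptsForSecondChallenge<ScopedCache>() << "\n";
}
```

With the origin-only key the second challenge is answered from the cache without a prompt; with the scoped key it misses and the user is asked again.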