A vulnerability has been reported in Microsoft ISA Server, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by an unspecified error when authenticating requests using the HTTP-Basic method, which can be exploited to access a web-published resource.
Successful exploitation requires knowledge of a valid administrative user name and requires that the ISA Server is configured for RADIUS One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
NOTE: This can further be exploited to completely compromise a system relying on the ISA Server 2006 Web publishing rules for authentication.
Subject: Microsoft ISA Server Security Bypass Vulnerability
RE: Microsoft ISA Server Security Bypass Vulnerability
3rd May, 2010 07:08
Score: -211 Posts: 2 User Since: 3rd May 2010 System Score: N/A Location: US Last edited on 3rd May, 2010 07:09
This is a wonderful opinion. The things mentioned are unanimous and need to be appreciated by everyone. I appreciate the concern which has been raised. The things need to be sorted out because it is about the individual but it can be with everyone.