Computer Security


Microsoft ISA Server RADIUS authentication bypass
Published: 14.07.2009
Source:
SecurityVulns ID: 10071
Type: remote
Threat Level: 5/10
Description: It's possible to bypass form-based authentication if the server is set to use RADIUS authentication with one-time passwords.
Affected: MICROSOFT : Internet Security and Acceleration Server 2006
CVE: CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) (14.07.2009)
Files: Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod