Microsoft IIS Various Domain User Account Access Vulnerability

 
May 21, 2001
SecurityFocus.com has sent us a "heads-up" regarding a flaw in Microsoft IIS' handling of FTP domain authentication. It seems that a user attempting to authenticate using a valid login name appended with specially chosen characters is not required to specify the domain which the account belongs. "The FTP service will instead search the domain and all trusted domains for the user account. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain."

Microsoft IIS Various Domain User Account Access Vulnerability

Privacy | FAQ | Site Map | About | Guidelines | Contact | Advertising | What is ColdFusion?
House of Fusion | ColdFusion Jobs | Blog of Fusion | AHP Hosting