Microsoft IIS Various Domain User Account Access Vulnerability

May 21, 2001

SecurityFocus.com has sent us a "heads-up" regarding a flaw in Microsoft IIS' handling of FTP domain authentication. It seems that a user attempting to authenticate using a valid login name appended with specially chosen characters is not required to specify the domain which the account belongs. "The FTP service will instead search the domain and all trusted domains for the user account. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain."

Latest ColdFusion Talk (CF-Talk)

null500 on nested custom tag
SOT: Default Flash behavior when crossdomain xml is absent
Daylight Savings & Scheduled Tasks
Make HomeSite+ Open Source? (WAS: RE: Development Apps - Does anyone use homesite still?)
Phantom Scheduled Tasks
iText PDF signature
populate ColdFusion variable using javascript array
Two CFQUERY statements?
cfchart and bar colors
Anyone else have the latest CFBuilder crashing constantly?

Latest ColdFusion Jobs (CF-Jobs)

ColdFusion Software Engineer - Stamford, CT
Junior ColdFusion Position
Senior ColdFusion Guru in DC metro area
Expert needed for Coldfusion Performance Tuning
Web Developer (Enterprise Consulting Services) - Boston, MA
Certified ColdFusion Developer with 9 years experience available for telecommuting work
Senior Coldfusion Developer (Boston)
Previous Post (Sr ColdFusion Engineer) job location: Woburn, MA
Sr ColdFusion engineer position
Coldfusion with Oracle and PHP

Want a number like 800-ColdFusion?

My Toll Free 800 Number provides a vanity phone number service to clients who want more than just digits. How would you like 800-coldfusion?