Vulnerability:Microsoft IIS Authentication Method Disclosure
Results 1 to 2 of 2

Thread: Vulnerability:Microsoft IIS Authentication Method Disclosure

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Vulnerability:Microsoft IIS Authentication Method Disclosure

    Microsoft IIS supports Basic and NTLM authentication. It has been reported that the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted.


    Microsoft IIS Authentication Method Disclosure Vulnerability


    When a valid authentication request is submitted for either message with an invalid username and password, an error message will be returned. This happens even if anonymous access to the requested resource is allowed. An attacker may be able to use this information to launch further intelligent attacks against the server, or to launch a brute force password attack against a known user name.

    Remote: Yes

    Exploit: No exploit is required. The following HTTP requests have been provided as examples by David Litchfield (david@nextgenss.com):

    GET / HTTP/1.1
    Host: iis-server
    Authorization: Basic cTFraTk6ZDA5a2xt

    GET / HTTP/1.1
    Host: iis-server
    Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAAAA=

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Vulnerability:Microsoft IIS Authentication Method Disclosure

    Microsoft IIS supports Basic and NTLM authentication. It has been reported that the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted.


    Microsoft IIS Authentication Method Disclosure Vulnerability


    When a valid authentication request is submitted for either message with an invalid username and password, an error message will be returned. This happens even if anonymous access to the requested resource is allowed. An attacker may be able to use this information to launch further intelligent attacks against the server, or to launch a brute force password attack against a known user name.

    Remote: Yes

    Exploit: No exploit is required. The following HTTP requests have been provided as examples by David Litchfield (david@nextgenss.com):

    GET / HTTP/1.1
    Host: iis-server
    Authorization: Basic cTFraTk6ZDA5a2xt

    GET / HTTP/1.1
    Host: iis-server
    Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAAAA=

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •