7 matches found
Design/Logic Flaw
Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...
CVE-2009-1135
Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...
CVE-2009-1135
CVE-2009-1135 affects Microsoft ISA Server 2006 (Gold/SP1) when Radius OTP is enabled. The vulnerability stems from ISA Server using HTTP-Basic authentication for Radius OTP-enabled requests, which can let a remote attacker impersonate a valid user and access published web resources behind the IS...
Microsoft ISA Server Radius OTP验证绕过漏洞
Bugraq ID: 35631 CVE ID:CVE-2009-1135 Microsoft ISA Server是一款企业防火墙和高性能的Web缓存解决方案。 配置了Radius OTP的ISA Server 2006验证机制存在问题,远程攻击者可以利用漏洞绕过验证访问受限WEB资源。 当使用HTTP-Basic方法验证请求时存在未明错误,可导致访问WEB发布的资源。 成功利用漏洞需要合法管理用户名和ISA服务器配置了Radius一次性密码OTP验证和KCDKerberos Constrained Delegation的验证委托。 Microsoft ISA Server 2006...
Microsoft ISA Server Privilege Escalation Vulnerability (970953)
This host is missing a critical security update according to Microsoft Bulletin MS09-031. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft ISA Server Privilege Escalation Vulnerability (970953)
This host is missing a critical security update according to Microsoft Bulletin MS09-031. OpenVAS Vulnerability Test $Id: secpodms09-031.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft ISA Server Privilege Escalation Vulnerability 970953 Authors: Nikita MR Copyright Copyright c 2009 SecPod,...
MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
The version of Microsoft Internet Security and Acceleration ISA Server 2006 installed on the remote host may allow an unauthenticated attacker with knowledge of administrator account usernames to gain access to published resources in the context of such a user without having to authenticate with...