Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability

2009-07-14T00:00:00
ID SMNTC-35631
Type symantec
Reporter Symantec Security Response
Modified 2009-07-14T00:00:00

Description

Description

Microsoft ISA Server is prone to an authentication-bypass vulnerability. An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources within the context of the selected account.

Technologies Affected

  • Microsoft ISA Server 2006
  • Microsoft ISA Server 2006 SP1
  • Microsoft ISA Server 2006 Supportability Update

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn't required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server.

The vendor has released an update. Please see the references for details.