OSVDB ID: 55836

Title: Microsoft ISA Server 2006 Radius OTP Security Bypass

Info

Disclosure

Jul 14, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

ISA Server 2006 contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when the server receives a request from a user agent that indicates a fall-back to HTTP-Basic authentication and ISA does not properly authenticate the request. It is possible that the flaw may allow unauthenticated access resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

ISA Server

2006
2006 Supportability Update
2006 SP1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/55836