Title: Microsoft ISA Server 2006 Radius OTP Security Bypass
Jul 14, 2009
ISA Server 2006 contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when the server receives a request from a user agent that indicates a fall-back to HTTP-Basic authentication and ISA does not properly authenticate the request. It is possible that the flaw may allow unauthenticated access resulting in a loss of confidentiality, integrity, and/or availability.
Remote / Network Access
Loss of Integrity
Patch / RCS
Microsoft has released a patch to address this vulnerability.