Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege
- This topic has 0 replies, 1 voice, and was last updated 11 years, 1 month ago by
.
Viewing 1 post (of 1 total)
-
Posts
-
Hi,
For anyone who uses ISA 2006…
http://www.microsoft.com/technet/security/Bulletin/MS09-031.mspx
http://blogs.technet.com/isablog/archive/2009/07/13/ms09-031-isa-server-2006-fba-and-radius-otp-bulletin.aspxQuote:ISA server 2006 RTM, Supportability Update, Service Pack 1 that are configured as follows:- The Web listener is configured for forms-based authentication (FBA) using RADIUS One-Time Passwords (OTP)
- The web publishing rule delegates using Kerberos Constrained Delegation (KCD)
- ISA is configured to allow fallback to HTTP-Basic authentication
If you do not use RADIUS OTP with KCD, or you have disabled HTTP-Basic fallback for RADIUS OTP, you are not subject to this vulnerability.
Non-Affected Products
- ISA Server 2000
- ISA Server 2004
- Forefront TMG
Viewing 1 post (of 1 total)
You must be logged in to reply to this topic.