Microsoft IIS Authentication Method Disclosure Vulnerability

    Question

  • Hi,

    I received below vulnerability information on MS Lync FrontEnd server:

    THREAT:
    Microsoft IIS supports Basic and NTLM authentication. It has been reported that the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted. When a valid authentication request is submitted (for either method) with an invalid username and password, an error message is returned. This happens even if anonymous access to the requested resource is allowed.

    IMPACT:
    Exploitation could allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which, in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or, when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.

    SOLUTION:
    Currently there are no vendor supplied patches available.

    COMPLIANCE:
    Not Applicable

    EXPLOITABILITY:
    There is no exploitability information for this vulnerability.

    ASSOCIATED MALWARE:
    There is no malware information for this vulnerability.

    RESULTS:
    NTLM

    Please guide me on how to resolve this, and does the solution affect production/user authentication?

    Regards

    Sajid


    • Edited by Sajidami82 Friday, January 15, 2016 5:17 AM
    Friday, January 15, 2016 5:16 AM
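The scanner finding above rests on two things an IIS server may hand back in its `WWW-Authenticate` header: a Basic realm that happens to be the server's IP address, and an NTLM CHALLENGE_MESSAGE (Type 2) whose TargetInfo block carries the NetBIOS and DNS names of the server and its domain. Before changing anything in production, it helps to be able to reproduce the check yourself against your own front end and to re-run it after a change to confirm what is still disclosed. The following is an added example and not part of the original post or of any Microsoft or Lync code: it builds a constructed Type 2 message (so it runs offline), parses it the way a scanner would, and reports the disclosed fields. The header values, host names and IP address are all made up for the sample.

```python
import base64
import ipaddress
import re
import struct

# AV_PAIR ids in the NTLM CHALLENGE_MESSAGE TargetInfo block (MS-NLMP 2.2.2.1).
AV_IDS = {
    1: "netbios_computer",
    2: "netbios_domain",
    3: "dns_computer",
    4: "dns_domain",
    5: "dns_tree",
}

# Flag bits from MS-NLMP 2.2.2.5 used by the constructed sample below.
NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000
NTLMSSP_TARGET_TYPE_DOMAIN = 0x00010000
NTLMSSP_NEGOTIATE_NTLM = 0x00000200
NTLMSSP_REQUEST_TARGET = 0x00000004
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001


def build_type2(target_name, av_pairs, challenge=b"\x01\x02\x03\x04\x05\x06\x07\x08"):
    """Build a minimal NTLM CHALLENGE_MESSAGE (Type 2). Constructed sample only;
    a real server fills the challenge with random bytes."""
    flags = (NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_TARGET_TYPE_DOMAIN
             | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_UNICODE)
    name = target_name.encode("utf-16-le")
    info = b""
    for av_id, value in av_pairs:
        encoded = value.encode("utf-16-le")
        info += struct.pack("<HH", av_id, len(encoded)) + encoded
    info += struct.pack("<HH", 0, 0)  # MsvAvEOL terminator
    header_len = 48  # fixed header without the optional Version field
    msg = b"NTLMSSP\x00" + struct.pack("<I", 2)
    msg += struct.pack("<HHI", len(name), len(name), header_len)       # TargetNameFields
    msg += struct.pack("<I", flags)
    msg += challenge + b"\x00" * 8                                      # ServerChallenge, Reserved
    msg += struct.pack("<HHI", len(info), len(info), header_len + len(name))  # TargetInfoFields
    return msg + name + info


def parse_type2(data):
    """Return the names a CHALLENGE_MESSAGE discloses: target name plus any
    NetBIOS/DNS AV_PAIRs in TargetInfo."""
    if data[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", data, 8)[0] != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    name_len, _, name_off = struct.unpack_from("<HHI", data, 12)
    flags = struct.unpack_from("<I", data, 20)[0]
    out = {"target_name": data[name_off:name_off + name_len].decode("utf-16-le")}
    if flags & NTLMSSP_NEGOTIATE_TARGET_INFO:
        info_len, _, info_off = struct.unpack_from("<HHI", data, 40)
        pos, end = info_off, info_off + info_len
        while pos + 4 <= end:
            av_id, av_len = struct.unpack_from("<HH", data, pos)
            pos += 4
            if av_id == 0:  # MsvAvEOL
                break
            value = data[pos:pos + av_len]
            pos += av_len
            if av_id in AV_IDS:
                out[AV_IDS[av_id]] = value.decode("utf-16-le")
    return out


def audit_www_authenticate(header_values):
    """Inspect WWW-Authenticate values from your own server and list what they
    disclose: a Basic realm that is an IP address, or NTLM host/domain names."""
    findings = []
    for value in header_values:
        scheme, _, rest = value.strip().partition(" ")
        if scheme.lower() == "basic":
            match = re.search(r'realm="?([^"]*)"?', rest)
            realm = match.group(1) if match else ""
            try:
                ipaddress.ip_address(realm)
                findings.append(("basic_realm_is_ip", realm))
            except ValueError:
                pass  # realm is a hostname or description, not an address
        elif scheme.lower() == "ntlm" and rest:
            # A bare "NTLM" (no token) is the initial challenge and discloses nothing yet.
            disclosed = parse_type2(base64.b64decode(rest))
            for key in ("netbios_computer", "netbios_domain", "dns_computer", "dns_domain"):
                if key in disclosed:
                    findings.append((key, disclosed[key]))
    return findings


# Constructed sample: a Basic realm set to an internal address and a Type 2 message
# for a made-up server LYNCFE01 in domain CORP. None of these values are real.
SAMPLE_TYPE2 = build_type2("CORP", [
    (2, "CORP"), (1, "LYNCFE01"), (4, "corp.example"), (3, "lyncfe01.corp.example"),
])
SAMPLE_HEADERS = [
    'Basic realm="10.0.0.5"',
    "NTLM " + base64.b64encode(SAMPLE_TYPE2).decode("ascii"),
]

if __name__ == "__main__":
    for finding in audit_www_authenticate(SAMPLE_HEADERS):
        print("%-20s %s" % finding)
```

To use this against a real front end, paste the `WWW-Authenticate` values from a response to a request carrying a deliberately bad `Authorization: NTLM <type1>` or Basic header into `SAMPLE_HEADERS`. A finding of `basic_realm_is_ip` is the NAT-leak case from the scanner text; the `netbios_*` and `dns_*` findings are the NTLM case. Note that the TargetInfo names are inherent to NTLM itself, so the realistic mitigations are limiting which listeners offer NTLM rather than editing the challenge.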

All replies

  • You can activate Kerberos authentication for your Lync/SfB environment:

    https://techmikal.com/2015/02/15/the-lync-kerberos-account/


    Regards, Holger, Technical Specialist UC

    Saturday, July 15, 2017 8:09 AM