SharePoint 2013 ClickJacking Issue on Port 5725 & 5726 FIM Services

  • Question

  • Hello,

We are running into a very critical issue and need your kind thoughts; please review the details below.

Background: We are running a SharePoint 2013 on-premises farm with 2 WFEs, 2 APPs and 1 DB server. As per the architecture, we are running the User Profile Service on APP1 & APP2 and the User Profile Synchronization Service on the APP1 server. Everything is running smoothly and AD profiles are syncing with SharePoint 2013.

Problem: We ran a security scan using a third-party tool which scanned the whole farm and pointed out a few vulnerabilities on the servers. Most of them are fixed. However, it is pointing to http://localhost:5725 or http://MyServerIP:5725, saying that it is allowing ClickJacking on this URL. This vulnerability appears only on the server that is running the User Profile Synchronization Service (i.e. APP1). I am unable to find this binding in IIS on any site or web service. Research on Google says that it belongs to the Forefront Identity Manager Synchronization Service, which connects with AD for the User Profile Synchronization Service.

I can see Inbound Rules in the firewall and found that these ports are allowed under the names below.

ILM Web Service - RMS (Port 5725)

ILM Web Service - STS (Port 5726)

Question: Any idea how I can get to the source of this service or prevent ClickJacking?

I'll be glad to provide more details on it and am really thankful for your kind thoughts.

Muhammad Zeeshan Tahir

    Tuesday, July 26, 2016 5:04 PM

All replies

  • Xeeshan,

    This is FIM Service.

    Look in the services.msc and you'll see Forefront Identity Manager Service.

It's installed in this path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service

    The config file is called "Microsoft.ResourceManagement.Service.exe.config"

Do you know if FIM is running on the server? If it happened that you installed it in the past and it's not being used now, you can uninstall it and block the ports.

    Tuesday, July 26, 2016 6:00 PM
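The reply above says where the service lives but leaves the admin to map the scanned ports back to a process, a service and its config file by hand, and to confirm what the scanner actually saw. The PowerShell below is an added example, not code from the thread or from Microsoft: it finds what is listening on 5725 and 5726, resolves the owning Windows service and the `.exe.config` beside its binary (wherever it is installed, so the path does not have to be guessed), and then repeats the check a clickjacking scanner performs, namely whether the HTTP response carries `X-Frame-Options` or a `Content-Security-Policy` with `frame-ancestors`. It assumes Windows Server 2012 or later (for `Get-NetTCPConnection`) and an elevated session on the server running the User Profile Synchronization Service; the function name `Test-PortFraming` is this example's own.

```powershell
# Added example, not part of the thread. Assumes Windows Server 2012 or later
# (Get-NetTCPConnection comes from the NetTCPIP module) and an elevated
# PowerShell session on the APP server that hosts the FIM services.
# Test-PortFraming is a name chosen for this example.

function Test-PortFraming {
    param(
        [int[]]  $Ports    = @(5725, 5726),   # the two FIM ports named in the thread
        [string] $HostName = 'localhost'
    )

    foreach ($port in $Ports) {
        $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
                    Select-Object -First 1
        if (-not $listener) {
            Write-Host "Port $port : nothing listening"
            continue
        }

        # Win32_Service exposes ProcessId and PathName (Get-Service does not), which is
        # the quickest route from a listening PID to the service and its binary.
        $ownerPid = $listener.OwningProcess
        $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
        $svc  = Get-CimInstance Win32_Service -Filter "ProcessId = $ownerPid"

        Write-Host "Port $port : PID $ownerPid ($($proc.ProcessName))"
        if ($svc) {
            Write-Host "  Service : $($svc.Name) ($($svc.DisplayName))"
            Write-Host "  Binary  : $($svc.PathName)"
            # The .exe.config sits next to the binary; strip surrounding quotes and arguments.
            $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
            $cfg = "$exe.config"
            Write-Host "  Config  : $cfg (exists: $(Test-Path $cfg))"
        } else {
            Write-Host "  Owning process is not a registered Windows service"
        }

        # Repeat the scanner's clickjacking test: framing protection is either
        # X-Frame-Options DENY/SAMEORIGIN or a CSP that sets frame-ancestors.
        $headers = $null
        try {
            $resp = Invoke-WebRequest -Uri "http://${HostName}:$port/" -UseBasicParsing -TimeoutSec 5 -ErrorAction Stop
            $headers = $resp.Headers
        } catch {
            # A 4xx/5xx answer (e.g. a SOAP endpoint replying to a plain GET) still carries headers.
            if ($_.Exception.Response) { $headers = $_.Exception.Response.Headers }
        }
        if ($null -eq $headers) {
            Write-Host "  HTTP    : no response (not HTTP, or connection refused)"
            continue
        }

        $xfo = $headers['X-Frame-Options']
        $csp = $headers['Content-Security-Policy']
        $protected = ($xfo -match '^(DENY|SAMEORIGIN)$') -or ($csp -match 'frame-ancestors')
        Write-Host "  X-Frame-Options     : $(if ($xfo) { $xfo } else { '<missing>' })"
        Write-Host "  CSP frame-ancestors : $(if ($csp -match 'frame-ancestors') { 'present' } else { '<missing>' })"
        Write-Host "  Framing protection  : $(if ($protected) { 'yes' } else { 'NO - a scanner will report clickjacking' })"
    }
}

Test-PortFraming
```

Run it once to record the current state, and again after any change to the service configuration or to a reverse proxy in front of it, so the scanner's finding can be confirmed closed locally before a rescan. If the ports turn out not to be HTTP at all, the script says so instead of reporting a missing header.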
  • @Taher, please keep the tone of your feedback friendly.
    The purpose of the Forums is to help out in a positive and constructive way.

    You can't expect that anyone on the forum is a Level 400 specialist.
    Not everyone has FIM experience...

    There can be various reasons, you don't know about, that the network ports/services/software go undetected.

It would be nice to remove the question at the end of your reply, or at least rephrase it if you really need to know for peace of mind...

Peter Geelen (Quest For Security)

    Wednesday, July 27, 2016 7:36 AM
Thank you both for your thoughts.

@Taher, FIM is running and we cannot stop it or block any port, as it is necessary for the SharePoint User Profile Synchronization service to communicate with AD. I am not a FIM specialist, so unfortunately I am unable to play much with it. The path you shared (C:\Program Files\Microsoft Forefront Identity Manager\2010\Service) does not exist on the server that is causing the issue.

If I get the .config file of that service, I can try making changes in it to see if the error is reflected or not.

My original question is posted here in the SharePoint Forum.

    Best Regards,

    Muhammad Zeeshan Tahir

    • Edited by Xeeshan Tahir Thursday, August 11, 2016 9:55 AM posted original question link
    Saturday, August 6, 2016 2:41 PM