ammar_secret
11-06-2004, 01:18 PM
Vulnerability
Microsoft ISA Server Authentication Bypassing
Description
This weakness is tested in a network environment where Microsoft ISA
server is configured as an Internet ***** server and the users are
required to provide appropriate user name and the password to access the
internet.
In HTTP 1.1, the Keep-Alive connections connection remains active unless
the user closes the internet browser. In case of IE once the user closes
all the open IE windows, the Keep-Alive sessions closes. Hence, every
new IE opened will ask the user to enter UserID and Password to
authenticate to the ***** server (if the ***** requires authentication).
Microsoft ISA Server Authentication Bypassing
Description
This weakness is tested in a network environment where Microsoft ISA
server is configured as an Internet ***** server and the users are
required to provide appropriate user name and the password to access the
internet.
In HTTP 1.1, the Keep-Alive connections connection remains active unless
the user closes the internet browser. In case of IE once the user closes
all the open IE windows, the Keep-Alive sessions closes. Hence, every
new IE opened will ask the user to enter UserID and Password to
authenticate to the ***** server (if the ***** requires authentication).