|
|
Family: Misc. --> Category: infos
Find if IIS server allows BASIC and/or NTLM authentication Vulnerability Scan
Vulnerability Scan Summary
Find IIS authentication scheme
Detailed Explanation for this Vulnerability Test
The remote host appears to be running a version of IIS which allows remote
users to acertain which authentication schemes are required for confidential
webpages.
That is, by requesting valid webpages with purposely invalid credentials, you
can ascertain whether or not the authentication scheme is in use. This can
be used for brute-force attacks against known UserIDs.
Solution : None at this time
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|
