Microsoft ISA Server 2006 Radius OTP Bypass Vulnerability ( 15 July 2009 )

Last Update Date: 28 Jan 2011 Release Date: 15 Jul 2009 4333 Views

RISK: Medium Risk

Medium Risk

An elevation of privilege vulnerability exists in ISA Server 2006 authentication when configured with Radius OTP. The vulnerability could allow an unauthenticated user access to any Web published resource. With knowledge of administrator account usernames, an attacker who successfully exploited this vulnerability could take complete control of systems relying on the ISA Server 2006 Web publishing rules for authentication. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • Elevation of Privilege

System / Technologies affected

  • Microsoft Internet Security and Acceleration Server 2006

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Embedded OpenType Font Engine Multiple Vulnerabilities ( 15 July 2009 )

15 Jul 2009 4295 Views

Next

Microsoft Video ActiveX Control Vulnerability ( 15 July 2009 )

15 Jul 2009 4308 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY