| VID |
22205 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The iisPROTECT allows access to the administrative interface without authentication.
The iisPROTECT is a Web-based user authentication program that is used to password protect Web site contents for Microsoft Windows platforms. Because the administration interface of this iisPROTECT has not been password protected by default, a remote attacker can perform administrative tasks without any authentication.
* Platforms Affected:
iisPROTECT any version |
| Recommendation |
Set a password protect for this administration interface.
1. Open the iisPROTECT site administration interface, "Tools-Site Admin", from the start menu.
2. Go to the "Access" tab and select the "add" sub tab.
3. Enter the Usernames and enter the path as /directory(ex. /iisprotect/admin/GlobalAdmin.asp).
4. Select a group and click "Add New Record".
5. Select the "General" tab from the top row and click the "reload access" button. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
