| VID |
27073 |
| Severity |
10 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
The basic FTP service can be sniffed by the simple sniffer because it transfers account and password without encryption. So we recommend that you don't use this service or set access control configuration to allow authorized using of specific IP address.
* Platforms Affected:
Microsoft IIS Server |
| Recommendation |
1. Internet Information Service(IIS) Management> FTP Site> Properties> Directory Security Tab> Select ¡°Access Deny¡± and add reachable IP address
¡Ø Don't create additional FTP site, but bind FTP site to current web site in IIS 7 and later versions
(Administrative Tools> Internet Information Service(IIS) 6.0 Manager > FTP Setting) |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
