Solved

MICROSOFT IIS AUTHENTICATION ERROR INFORMATION DISCLOSURE - NTLM AUTHENTICATION

Posted on 2009-05-12
Last Modified: 2012-05-06
Hello,

The results for several of our computers from a recent penetration test are showing this finding: MICROSOFT IIS AUTHENTICATION ERROR INFORMATION DISCLOSURE - NTLM AUTHENTICATION.
The only fix info it gives is that hosts running IIS 4 through 5.1 should be properly configured and only the authentication systems necessary for the environment should be enabled.

My question: how, and which settings, need to be properly configured? I do not know what the settings need to be set to in order to make this risk go away. I have googled this for about 2 hours and really have not found anything.

Your assistance is greatly appreciated.
Question by: Dreams_of_skill

3 Comments

Accepted Solution by: jahboite (LVL 12, earned 250 total points, ID: 24372957)
The correct fix for this information disclosure vulnerability, which is described fully in any of the top results of a Google search for the error message you posted, depends on whether you require any part of the website in question to be protected by an authentication system (e.g. username and password).

If the parts of the website you want protected are protected using a custom login form and sessions, then you can safely disable Windows Integrated Authentication (i.e. stop using NTLM auth). There's a Microsoft KB article at http://support.microsoft.com/kb/837139 which details the steps.

Before you do this, you need to be sure that the integrated auth is not currently protecting something you don't want to allow anonymous access to.
After you've done it, you'll want to re-run the pentest/vulnerability scan to make sure you caught the issue.

Let us know how you get on.

Expert Comment by: cj_1969 (LVL 22, ID: 24374293)
Basically there are multiple types/levels of NTLM authentication (LM, NTLMv1 and NTLMv2), and the older versions of it are insecure.
Windows has a registry value in a range of 1-5 for the NTLM compatibility level. To force an acceptable authentication level this value should be set to 3-5, 5 being the best.

This article describes the problem and details the various levels ... http://support.microsoft.com/kb/147706

Expert Comment by: npglobal (ID: 25701088)
How can I check this issue, "NTLM Auth Information Disclosure"?
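One way to check the finding yourself, both for npglobal's question and for the re-scan jahboite recommends, is to speak the first leg of the NTLM handshake to the URL and decode what comes back. This is an added example, not code from the thread or from Microsoft: it sends a minimal NTLM Type 1 (NEGOTIATE) message in an Authorization header and parses the Type 2 (CHALLENGE) message the server returns in WWW-Authenticate. The TargetInfo AV_PAIRs inside that challenge (NetBIOS computer name, NetBIOS domain, DNS computer name, DNS domain) are the disclosed information the scanner is reporting. Message layout follows MS-NLMP; the host and domain names and the challenge bytes in the built-in sample are constructed for the demo, and the probe URL is whatever you pass on the command line.

```python
"""Check a URL for the IIS NTLM challenge information disclosure (MS-NLMP CHALLENGE_MESSAGE)."""
import base64
import struct
import sys
import urllib.error
import urllib.request
from typing import Optional

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001       # TargetName is UTF-16LE when set
NEGOTIATE_OEM = 0x00000002
REQUEST_TARGET = 0x00000004          # ask the server to name itself
NEGOTIATE_NTLM = 0x00000200
NEGOTIATE_ALWAYS_SIGN = 0x00008000
NEGOTIATE_TARGET_INFO = 0x00800000   # TargetInfo (AV_PAIR list) is present

# AvId values from MS-NLMP 2.2.2.1; these are the fields a scanner reports as disclosed.
AV_NAMES = {1: "NetBIOS computer name", 2: "NetBIOS domain name",
            3: "DNS computer name", 4: "DNS domain name", 5: "DNS tree name", 7: "Timestamp"}


def build_type1() -> bytes:
    """Minimal NEGOTIATE_MESSAGE: signature, type 1, flags, empty domain/workstation fields."""
    flags = NEGOTIATE_UNICODE | NEGOTIATE_OEM | REQUEST_TARGET | NEGOTIATE_NTLM | NEGOTIATE_ALWAYS_SIGN
    return NTLMSSP_SIGNATURE + struct.pack("<II", 1, flags) + b"\x00" * 16


def parse_type2(msg: bytes) -> dict:
    """Decode a CHALLENGE_MESSAGE and return the names it leaks via TargetName and TargetInfo."""
    if len(msg) < 48 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError(f"expected CHALLENGE_MESSAGE (type 2), got type {msg_type}")
    tn_len, _, tn_off = struct.unpack_from("<HHI", msg, 12)   # TargetNameFields
    (flags,) = struct.unpack_from("<I", msg, 20)
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)   # TargetInfoFields, after challenge + reserved
    name_enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    info = {"flags": flags, "server_challenge": msg[24:32].hex(),
            "target_name": msg[tn_off:tn_off + tn_len].decode(name_enc, "replace"), "target_info": {}}
    if flags & NEGOTIATE_TARGET_INFO and ti_len:
        pos, end = ti_off, ti_off + ti_len
        while pos + 4 <= end:
            av_id, av_len = struct.unpack_from("<HH", msg, pos)
            pos += 4
            if av_id == 0:            # MsvAvEOL terminates the list
                break
            value = msg[pos:pos + av_len]
            pos += av_len
            if av_id == 7:            # FILETIME, kept as the raw 64-bit tick count
                info["target_info"]["Timestamp"] = struct.unpack("<Q", value)[0]
            else:                     # AV_PAIR strings are always UTF-16LE
                info["target_info"][AV_NAMES.get(av_id, f"AvId {av_id}")] = value.decode("utf-16-le", "replace")
    return info


def build_sample_type2(nb_host="IISBOX01", nb_domain="CORP",
                       dns_host="iisbox01.corp.example", dns_domain="corp.example") -> bytes:
    """Constructed CHALLENGE_MESSAGE shaped like the one IIS sends; every name here is made up."""
    flags = NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM | NEGOTIATE_ALWAYS_SIGN | NEGOTIATE_TARGET_INFO
    target_name = nb_domain.encode("utf-16-le")
    pairs = [(2, nb_domain), (1, nb_host), (4, dns_domain), (3, dns_host)]
    target_info = b"".join(struct.pack("<HH", av_id, len(v.encode("utf-16-le"))) + v.encode("utf-16-le")
                           for av_id, v in pairs) + struct.pack("<HH", 0, 0)
    tn_off = 48                                   # fixed header length
    ti_off = tn_off + len(target_name)
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 2)
            + struct.pack("<HHI", len(target_name), len(target_name), tn_off)
            + struct.pack("<I", flags)
            + bytes.fromhex("0123456789abcdef")   # fixed server challenge for the demo
            + b"\x00" * 8                          # Reserved
            + struct.pack("<HHI", len(target_info), len(target_info), ti_off)
            + target_name + target_info)


def probe(url: str, timeout: float = 5.0) -> Optional[dict]:
    """Send the Type 1 message; if the server answers 401 with a raw NTLM challenge, decode it."""
    token = base64.b64encode(build_type1()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "NTLM " + token})
    try:
        urllib.request.urlopen(req, timeout=timeout)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            for value in err.headers.get_all("WWW-Authenticate") or []:
                if value.startswith("NTLM "):
                    return parse_type2(base64.b64decode(value[5:]))
    return None   # no raw NTLM challenge: the finding does not apply to this URL


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else None
    result = probe(url) if url else parse_type2(build_sample_type2())   # offline demo on constructed data
    for key, val in (result or {}).get("target_info", {}).items():
        print(f"{key}: {val}")
```

Run it with the URL of a protected page (any path that answers 401 is enough). If it prints a NetBIOS or DNS name, the host is still offering NTLM and the scanner will keep flagging it; after disabling Integrated Windows Authentication as the accepted answer describes, the same request should come back with no NTLM challenge and the script prints nothing. The script only handles the plain `NTLM` scheme in WWW-Authenticate; a server that advertises only `Negotiate` wraps the same challenge in SPNEGO and would need that layer stripped first.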