Solved

MICROSOFT IIS AUTHENTICATION ERROR INFORMATION DISCLOSURE - NTLM AUTHENTICATION

Posted on 2009-05-12
3
1,059 Views
Last Modified: 2012-05-06
Hello,

The results of several of our computers are reflecting this error message from a recent penetration test: MICROSOFT IIS AUTHENTICATION ERROR INFORMATION DISCLOSURE - NTLM AUTHENTICATION.
The only Fix Info. it gives that hosts running IIS 4 through 5.1 are properly configured and only authentication systems necessary for the environment are enabled.

My question: How and what settings need to be properly configured. I do not know what the settings need to be set at to make this risk go away. I have googled this for about 2 hours and really have not found anything.

Your assistance is greatly appreciated.
0
Comment
Question by:Dreams_of_skill
3 Comments
 
LVL 12

Accepted Solution

by:
jahboite earned 250 total points
ID: 24372957
The correct fix for this information disclosure vulnerability, which is described fully in any of the top results of a google search for the error message you posted, depends on whether you require any part of the website in question to be protected by an authentication system (e.g. username and password).

If those parts of the website you want protected are done so using a custom login form and sessions then you can safely disable Windows Integrated Authentication (i.e. stop using NTLM auth).  There's a microsoft kb article at http://support.microsoft.com/kb/837139 which details the steps.

Before you do this, you need to be sure that the integrated auth is not currently protecting something you don't want to allow anonymous access to.
After you've done it, you'll want to re-run the pentest/vulnerability scan to make sure you caught the issue.

Let us know how you get on.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 24374293
Basically there are multiple types/levels of NTLM authentication (LM, NTLMv1 and NTLMv2) and the older versions of it are unsecure.
Windows has a registry value in a range of 1-5 for the NTLM compatibility level.  To force an acceptable authentication level this value should be set to 3-5, 5 being the best.

This article describes the problem and details the various levels ... http://support.microsoft.com/kb/147706 
0
 

Expert Comment

by:npglobal
ID: 25701088
how can i ndo check this issue  " TLM Auth Information Disclosure"
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now