Solved

MICROSOFT IIS AUTHENTICATION ERROR INFORMATION DISCLOSURE - NTLM AUTHENTICATION

Posted on 2009-05-12
Last Modified: 2012-05-06
Hello,

The results of several of our computers are reflecting this error message from a recent penetration test: MICROSOFT IIS AUTHENTICATION ERROR INFORMATION DISCLOSURE - NTLM AUTHENTICATION.
The only fix info it gives is that hosts running IIS 4 through 5.1 are properly configured and only the authentication systems necessary for the environment are enabled.

My question: How, and what settings, need to be properly configured? I do not know what the settings need to be set to in order to make this risk go away. I have googled this for about 2 hours and really have not found anything.

Your assistance is greatly appreciated.
Question by:Dreams_of_skill
3 Comments

Accepted Solution

by: jahboite (earned 250 total points)
ID: 24372957
The correct fix for this information disclosure vulnerability, which is described fully in any of the top results of a google search for the error message you posted, depends on whether you require any part of the website in question to be protected by an authentication system (e.g. username and password).

If those parts of the website you want protected are done so using a custom login form and sessions, then you can safely disable Windows Integrated Authentication (i.e. stop using NTLM auth). There's a Microsoft KB article at http://support.microsoft.com/kb/837139 which details the steps.

Before you do this, you need to be sure that the integrated auth is not currently protecting something you don't want to allow anonymous access to.
After you've done it, you'll want to re-run the pentest/vulnerability scan to make sure you caught the issue.

Let us know how you get on.

Expert Comment

by: cj_1969
ID: 24374293
Basically there are multiple types/levels of NTLM authentication (LM, NTLMv1 and NTLMv2), and the older versions of it are insecure.
Windows has a registry value in a range of 1-5 for the NTLM compatibility level. To force an acceptable authentication level this value should be set to 3-5, 5 being the best.

This article describes the problem and details the various levels ... http://support.microsoft.com/kb/147706 

Expert Comment

by: npglobal
ID: 25701088
How can I check this issue: "NTLM Auth Information Disclosure"?

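The following Python script is an added example for this thread (it is not code from any of the posters, Microsoft, or the scanner that produced the finding). It does the check jahboite recommends after applying KB 837139, and that npglobal asks about: request a page from a server you administer with an NTLM negotiate header, then see whether the 401 still offers NTLM/Negotiate and, if an NTLM Type 2 challenge comes back, which machine and domain names its TargetInfo block discloses. The field layout follows the published NTLM message format; the `probe` helper, the host names (CORP, WEB01, corp.example) and the two sample responses are constructed for the offline demo.

```python
"""Post-fix verification for the "NTLM authentication information disclosure"
finding: does a 401 from the site still offer NTLM/Negotiate, and if so which
names does the NTLM Type 2 challenge reveal?  Added example for this thread,
not code from the original posts; the sample responses and host names are
constructed, and the NTLM field layout follows MS-NLMP."""
import base64
import http.client
import struct

# AV_PAIR ids carried in the TargetInfo block of an NTLM Type 2 message.
AV_IDS = {1: "NetBIOS computer name", 2: "NetBIOS domain name",
          3: "DNS computer name", 4: "DNS domain name", 5: "DNS tree name"}

# A minimal NTLM Type 1 (NEGOTIATE) message: signature, type, flags, and empty
# domain/workstation fields.  A server with integrated auth still enabled
# answers it with its Type 2 challenge.
NTLM_TYPE1 = base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<II", 1, 0x00088207) + b"\x00" * 16).decode()


def offered_schemes(headers):
    """Auth schemes named in the WWW-Authenticate headers of a response."""
    return {v.split()[0] for k, v in headers if k.lower() == "www-authenticate"}


def parse_ntlm_challenge(token_b64):
    """Return the TargetInfo names disclosed by an NTLM Type 2 message."""
    msg = base64.b64decode(token_b64)
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLM Type 2 message")
    # Fixed header: sig(8) type(4) TargetName(8) flags(4) challenge(8)
    # reserved(8) TargetInfo(8): the TargetInfo fields start at byte 40.
    info_len, _, info_off = struct.unpack_from("<HHI", msg, 40)
    info = msg[info_off:info_off + info_len]
    names, pos = {}, 0
    while pos + 4 <= len(info):
        av_id, av_len = struct.unpack_from("<HH", info, pos)
        pos += 4
        if av_id == 0:          # MsvAvEOL terminates the list
            break
        if av_id in AV_IDS:
            names[AV_IDS[av_id]] = info[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    return names


def audit_response(headers):
    """Summarise a response: (schemes offered, names disclosed by any NTLM challenge)."""
    disclosed = {}
    for k, v in headers:
        parts = v.split(None, 1)
        if (k.lower() == "www-authenticate" and len(parts) == 2
                and parts[0] in ("NTLM", "Negotiate")):
            try:
                disclosed.update(parse_ntlm_challenge(parts[1]))
            except ValueError:
                pass            # e.g. a SPNEGO token rather than raw NTLM
    return offered_schemes(headers), disclosed


def probe(host, path="/", port=80):
    """Ask a server you administer for its challenge; returns (status, headers)."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("GET", path, headers={"Authorization": "NTLM " + NTLM_TYPE1})
    resp = conn.getresponse()
    return resp.status, resp.getheaders()


def build_sample_challenge(target_info):
    """Construct a Type 2 message for the offline demo (flags/challenge are dummies)."""
    payload = b"".join(struct.pack("<HH", i, len(t.encode("utf-16-le")))
                       + t.encode("utf-16-le") for i, t in target_info)
    payload += struct.pack("<HH", 0, 0)          # MsvAvEOL
    return base64.b64encode(
        b"NTLMSSP\x00" + struct.pack("<I", 2) + struct.pack("<HHI", 0, 0, 56)
        + struct.pack("<I", 0x00800001) + b"\x11" * 8 + b"\x00" * 8
        + struct.pack("<HHI", len(payload), len(payload), 56) + b"\x00" * 8
        + payload).decode()


# Constructed responses: before the KB 837139 change and after it.
BEFORE = [("Content-Type", "text/html"),
          ("WWW-Authenticate", "Negotiate"),
          ("WWW-Authenticate", "NTLM " + build_sample_challenge(
              [(2, "CORP"), (1, "WEB01"), (4, "corp.example"),
               (3, "web01.corp.example")]))]
AFTER = [("Content-Type", "text/html"), ("Content-Length", "42")]

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        schemes, names = audit_response(hdrs)
        print(label, "schemes:", sorted(schemes), "disclosed:", names)
```

Run it as-is to see the two constructed cases, or call `probe("your.iis.host")` and pass the returned headers to `audit_response` to check a real server after the change. An empty set of schemes (or only the scheme your custom login uses) and an empty disclosure dict is the result the scanner should then agree with; if "NTLM" or "Negotiate" is still offered, the site or a virtual directory still has Windows Integrated Authentication enabled.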