Solved

Solution for: Account Brute Force Possible Through IIS NTLM Authentication Scheme CVE-2002-0419

Posted on 2011-05-12
Last Modified: 2012-05-22
Please help to resolve the vulnerability: Account Brute Force Possible Through IIS NTLM Authentication Scheme, CVE-2002-0419.
How to resolve this in Win 2003/2008?
Although I have got a workaround: disable NTLM authentication for your Web server. This can be done by unchecking "Integrated Windows Authentication" within "Authentication Method" under "Directory Security" in "Default Web Site Properties".
Is this fine for my web servers (Win 2k3/2k8)? Will it require any reboot/IIS restart?
Is there any other better way to resolve this?

Question by:patron
7 Comments
 
LVL 18

Assisted Solution

by:dj_alik
dj_alik earned 1000 total points
ID: 35751776
Restart Application Pool for specific Application/Virtual Directory
0
 
LVL 1

Author Comment

by:patron
ID: 35751877
Thanks. Will that workaround work for me? Will there be any impact for internal/external users accessing websites after disabling Integrated Windows Authentication?
0
 
LVL 18

Assisted Solution

by:dj_alik
dj_alik earned 1000 total points
ID: 35751899
Is the anonymous user enabled?
Check if you have some connection to an internal SQL DB, etc., based on Integrated Windows Security.
0
 
LVL 1

Author Comment

by:patron
ID: 35751971
Yes, Anonymous is enabled on all three servers, and for more detail:

One is my Exchange server; users are accessing it internally and externally.
Second is the prod. website.
Third is an internal application accessed by users internally and externally.
0
 
LVL 18

Accepted Solution

by:
dj_alik earned 1000 total points
ID: 35751980
Let's try
0
 
LVL 1

Author Comment

by:patron
ID: 35868405
I am trying to get approval to implement the same in prod, while in test we have redirected requests through another server.
0
 
LVL 1

Author Closing Comment

by:patron
ID: 38000640
Thanks
0
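
The workaround discussed in this thread (turning off Integrated Windows Authentication) and the follow-up question about whether anonymous access is enabled can be checked per site before anything is changed. The script below is an added example, not code from the thread; it assumes IIS 7 or later (Win 2008) with the WebAdministration PowerShell module and an elevated prompt, and the function names `Get-SiteAuthState` and `Disable-SiteWindowsAuth` are hypothetical helpers defined here.

```powershell
# Added example, not from the thread. Assumes IIS 7+ and the WebAdministration module.
Import-Module WebAdministration

$AuthBase = 'system.webServer/security/authentication'

function Get-SiteAuthState {
    # One object per site: are anonymous and Integrated Windows Authentication enabled?
    foreach ($site in Get-Website) {
        $state = @{ Site = $site.Name }
        foreach ($scheme in 'anonymousAuthentication', 'windowsAuthentication') {
            $prop = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $site.Name `
                        -Filter "$AuthBase/$scheme" -Name enabled
            $state[$scheme] = [bool]$prop.Value
        }
        # Windows auth on while anonymous is off: users of this site depend on
        # authenticated access, so review it before disabling anything.
        $state['WindowsAuthWithoutAnonymous'] = $state.windowsAuthentication -and
                                                -not $state.anonymousAuthentication
        New-Object PSObject -Property $state
    }
}

function Disable-SiteWindowsAuth {
    param(
        [Parameter(Mandatory = $true)][string]$SiteName,
        [switch]$Apply   # without -Apply the function only reports what it would change
    )
    $current = Get-SiteAuthState | Where-Object { $_.Site -eq $SiteName }
    if (-not $current) { throw "Site '$SiteName' not found." }
    if (-not $current.windowsAuthentication) { return "Already disabled on '$SiteName'." }
    if (-not $Apply) { return "Would disable windowsAuthentication on '$SiteName'." }
    # Same effect as unchecking "Integrated Windows Authentication" for the site.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter "$AuthBase/windowsAuthentication" -Name enabled -Value $false
    "Disabled windowsAuthentication on '$SiteName'."
}

# Report the current state for every site on this server.
Get-SiteAuthState |
    Format-Table Site, anonymousAuthentication, windowsAuthentication, WindowsAuthWithoutAnonymous -AutoSize
```

The report covers site-level settings only; applications or virtual directories that carry their own authentication settings, and IIS 6 on Win 2003, need to be checked separately.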

Question has a verified solution.