patron

Solution for: Account Brute Force Possible Through IIS NTLM Authentication Scheme CVE-2002-0419

Please help to resolve the vulnerability: Account Brute Force Possible Through IIS NTLM Authentication Scheme CVE-2002-0419
How to resolve this in Win 2003/2008?
Although I have got a workaround: disable NTLM authentication for your Web server. This can be done by unchecking "Integrated Windows Authentication" within "Authentication Method" under "Directory Security" in "Default Web Site Properties".
Is this fine for my web servers [Win 2k3/2k8]? Will it require any reboot/IIS restart?
Is there any other better way to resolve this?

SOLUTION
dj_alik

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
patron

ASKER

Thanks, will that workaround work for me? Will there be any impact for internal/external users accessing websites after disabling Integrated Windows Authentication?
SOLUTION
patron

ASKER

Yes, Anonymous is enabled on all three servers, and for more detail...

One is my Exchange server: users are accessing it internally and externally
Second is prod. website
Third is some internal application accessed by users internally and externally
ASKER CERTIFIED SOLUTION
patron

ASKER

I'm trying to get approval to implement the same in prod, while in test we have redirected requests through another server.
patron

ASKER

Thanks