Jump to content

Featured Replies

Posted

Good morning all,

 

We have been having a problem with a repeat vulnerability on one of our IIS

6.0 boxes:

 

---------

Vulnerability Identified: IIS localstart.asp Authentication Prompt

 

Severity: Medium

 

Description: The Microsoft IIS server has a localstart.asp file and it is

protected by NTLM authentication.

 

Impact: A remote web client who requests the localstart.asp file will be

prompted by the WWW-Authenticate: NTLM mechanism for authentication

credentials for the web server. Attackers may leverage this authentication

mechanism in a brute force authentication attack.

------------

 

Recommendation: If maintaining this file is not needed for normal business

operations, Verizon Business recommends deleting it from the web server so

attackers cannot use it to launch brute force authentication attacks against

it.

 

One of my coworkers attempted the recommended solution and removed

localstart.asp, but it looks like the file is still there. Does anybody have

a suggestion for getting rid of this for good? Default Site is not being

used (currently in a stopped state). Is it possible to just delete the

entire site? All the other active sites are hosted in a completely different

inetpub location.

 

Thanks for taking the time to read this!

 

Adam

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...