New Search

Radius OTP Bypass Vulnerability

oval:org.mitre.oval:def:5649

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1 when Radius OTP is enabled uses the HTTP-Basic authentication method which allows remote attackers to gain the privileges of an arbitrary account and access published web pages via vectors involving attempted access to a network resource behind the ISA Server aka "Radius OTP Bypass Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2009-1135
Product(s):
  • Microsoft Internet Security and Acceleration Server 2006