If you do find any vulnerability, don't forget to let everyone know.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Tuesday, August 17, 2004 10:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: IISadmpwd security vulnerability???

Hi,

IIRC the ISAPI extension that was used to provide this functionality originally had various buffer overflow issues.

I would check this out:
http://support.microsoft.com/?id=331834
Change password functionality replaced with Active Server Pages

Also this:
http://support.microsoft.com/?id=833734
FIX: You experience various problems when you use the Password Change pages in IIS 6.0

HTH

Cheers
Ken

Original Message:
>From: "Mulnick, Al" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: RE: [ActiveDir] OT: IISadmpwd security vulnerability???
>Date: Tue, 17 Aug 2004 13:20:49 -0400
>
>What vulnerabilities were they specifically worried about? There were many
>changes made in IIS6.0 that were meant to address security concerns but
>without knowing what they're concerned about specifically it can be tough to
>help out.
>
>Al
>
> _____
>
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
>Sent: Tuesday, August 17, 2004 11:29 AM
>To: [EMAIL PROTECTED]
>Subject: [ActiveDir] OT: IISadmpwd security vulnerability???
>
>
>I know this is off topic, but this does pertain to AD authentication. I know
>there were serious vulnerabilities in IIS4/5 for IISadmpwd, but was
>wondering if the same is true for IIS 6.0? There are some folks over here
>that are worried about doing anything with IIS.

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
