Guest Adam
Posted November 25, 2008

Good morning all,

We have been having a problem with a repeat vulnerability on one of our IIS 6.0 boxes:

---------
Vulnerability Identified: IIS localstart.asp Authentication Prompt

Severity: Medium

Description: The Microsoft IIS server has a localstart.asp file and it is protected by NTLM authentication.

Impact: A remote web client who requests the localstart.asp file will be prompted by the WWW-Authenticate: NTLM mechanism for authentication credentials for the web server. Attackers may leverage this authentication mechanism in a brute force authentication attack.

------------
Recommendation: If maintaining this file is not needed for normal business operations, Verizon Business recommends deleting it from the web server so attackers cannot use it to launch brute force authentication attacks against it.

One of my coworkers attempted the recommended solution and removed localstart.asp, but it looks like the file is still there. Does anybody have a suggestion for getting rid of this for good?

Default Site is not being used (currently in a stopped state). Is it possible to just delete the entire site? All the other active sites are hosted in a completely different inetpub location.

Thanks for taking the time to read this!

Adam
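A way to re-check the finding after a cleanup attempt, added here as an example and not part of the original post: the script requests /localstart.asp once from a server you administer and reports whether the NTLM prompt described in the scan report is still returned. The function names, verdict labels and sample responses are assumptions made for illustration.

```python
import http.client
import sys

PATH = "/localstart.asp"  # the file named in the scan finding


def classify(status, headers):
    """Map one HTTP response to a verdict for the localstart.asp finding.

    headers is a list of (name, value) pairs, as http.client returns them.
    IIS can send several WWW-Authenticate headers, one per scheme.
    """
    schemes = [
        value.split()[0].lower()
        for name, value in headers
        if name.lower() == "www-authenticate" and value.strip()
    ]
    if status == 401 and "ntlm" in schemes:
        return "prompt-present", schemes   # finding still reproduces
    if status == 401:
        return "auth-other", schemes       # prompt, but not the NTLM one
    if status == 404:
        return "not-found", schemes        # file no longer served here
    if status == 200:
        return "served", schemes           # file served without a prompt
    return "other", schemes


def probe(host, port=80, timeout=5):
    """Send a single GET for PATH and classify the response."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PATH)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders())
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python check_localstart.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    verdict, offered = probe(target, target_port)
    print(f"{target}:{target_port}{PATH} -> {verdict} {offered}")
```

Run it against each IP address and port the box listens on, since a stopped site and the active sites can answer on different bindings.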