It was recently pointed out to me that when a user logs on to a SharePoint extranet site published through ISA, they can replace HTTPS with HTTP in the URL, and their credentials could potentially be sent over the web unencrypted.
For example, if a user connects to the site by entering http://sharepoint.extranet.com and is redirected to https://sharepoint.extranet.com/cookieauth.dll?<parameters>, the user can then manually modify the URL back to HTTP, e.g. http://sharepoint.extranet.com/cookieauth.dll?<parameters>, so the logon proceeds over plain HTTP.
This is obviously a security vulnerability, and Microsoft have published a KB article (958607) describing how to resolve it, which can be seen here.
If you have Exchange or SharePoint published via ISA 2006, I would strongly suggest applying either the ISA hotfix or the workaround to resolve this.
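One way to check whether the behaviour described above is actually being exercised against a published site is to look for requests to the forms-based authentication endpoint (cookieauth.dll) that arrive over plain HTTP rather than HTTPS. The following is an added example, not code from the original post or from Microsoft; it runs over a few constructed log lines in a simplified, W3C-style layout (date, time, client IP, method, full URL, status), so the field order is an assumption and would need adjusting to a real ISA log export.

```python
"""Flag plaintext (HTTP) requests to the ISA forms-based logon endpoint.

Added example: parses simplified, constructed web-proxy log lines and
reports any hit on cookieauth.dll whose scheme is not HTTPS.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Constructed sample log (not real ISA output). Field order is assumed:
# date time client-ip method url status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri sc-status
2009-01-12 09:14:02 203.0.113.7 GET http://sharepoint.extranet.com/ 302
2009-01-12 09:14:03 203.0.113.7 GET https://sharepoint.extranet.com/cookieauth.dll?GetLogon 200
2009-01-12 09:14:40 203.0.113.7 POST http://sharepoint.extranet.com/cookieauth.dll?Logon 302
2009-01-12 09:15:01 198.51.100.9 POST https://sharepoint.extranet.com/cookieauth.dll?Logon 302
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    client_ip: str
    method: str
    url: str
    # A POST to the logon endpoint is the credential submission itself;
    # a GET over HTTP still means the form was served unprotected.
    submits_credentials: bool


def find_plaintext_logons(log_text: str,
                          endpoint: str = "/cookieauth.dll") -> List[Finding]:
    """Return every request to `endpoint` that did not use HTTPS."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip '#Fields:' header, comments, malformed lines
        timestamp, client_ip, method, url, _status = match.groups()
        parts = urlsplit(url)
        if parts.scheme.lower() == "http" and parts.path.lower().endswith(endpoint):
            findings.append(Finding(timestamp, client_ip, method.upper(), url,
                                    submits_credentials=(method.upper() == "POST")))
    return findings


if __name__ == "__main__":
    for f in find_plaintext_logons(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client_ip} {f.method} {f.url} "
              f"credentials={'YES' if f.submits_credentials else 'no'}")
```

After the hotfix or workaround is in place, this query should return nothing for new log data; any new hits point at a host that has not been patched or at a bypass worth investigating.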