
MS09-031: ISA Server 2006 FBA and RADIUS OTP Bulletin

Passing along some information regarding a vulnerability in the ISA firewall that exists when you use FBA and RADIUS One-Time Passwords (OTP).

If you have a Web Publishing Rule that meets the following specs:

  • The Web listener is configured for forms-based authentication (FBA) using RADIUS One-Time Passwords (OTP).
  • The Web Publishing Rule delegates using Kerberos Constrained Delegation (KCD).
  • ISA is configured to allow fallback to HTTP-Basic authentication.

Then you need to get your head up and apply the MS09-031 update.

For more information, check out Jim Harrison’s article over at:

https://blogs.technet.com/isablog/archive/2009/07/...n.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
