MS09-031: ISA Server 2006 FBA and RADIUS OTP Bulletin

By /

Passing along some information regarding a vulnerability in the ISA firewall that exists when you use FBA and RADIUS One Time Passwords (OTP).

If you have a Web Publishing Rule that meets the following specs:

  • The Web listener is configured for forms-based authentication (FBA) using RADIUS One-Time Passwords (OTP)
  • The web publishing rule delegates using Kerberos Constrained Delegation (KCD)
  • ISA is configured to allow fallback to HTTP-Basic authentication.

Then you need to get your head up and apply MS09-031 update.

For more information, check on Jim Harrison’s  article over at:

https://blogs.technet.com/isablog/archive/2009/07/13/ms09-031-isa-server-2006-fba-and-radius-otp-bulletin.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

image
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top