Microsoft IIS Authentication Method Enumeration

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an information disclosure
vulnerability.

Description :

The remote host appears to be running a version of IIS which allows
remote users to determine which authentication schemes are required for
confidential web pages.

That is, by requesting valid web pages with purposely invalid
credentials, you can ascertain whether or not the authentication scheme
is in use. This can be used for brute-force attacks against known
user IDs.
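
A defender-side way to spot the behaviour described above, added here as an example that is not part of the Nessus plugin: it parses constructed IIS W3C-format log lines (the fields, addresses and user names are made up) and flags clients that draw repeated 401.1 (logon failed) responses for one protected page while cycling through several user names.

```python
"""Flag clients probing IIS-protected pages with bad credentials."""
from collections import defaultdict

# Constructed IIS W3C extended log sample (not taken from the advisory).
# sc-substatus 2 = access denied by server configuration (the initial
# challenge); sc-substatus 1 = logon failed (credentials were supplied).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus
2014-03-01 10:00:01 203.0.113.7 - GET /secure/report.asp 401 2
2014-03-01 10:00:02 203.0.113.7 alice GET /secure/report.asp 401 1
2014-03-01 10:00:03 203.0.113.7 bob GET /secure/report.asp 401 1
2014-03-01 10:00:04 203.0.113.7 carol GET /secure/report.asp 401 1
2014-03-01 10:00:05 198.51.100.4 - GET /index.htm 200 0
2014-03-01 10:00:06 198.51.100.4 - GET /secure/report.asp 401 2
2014-03-01 10:00:07 198.51.100.4 alice GET /secure/report.asp 200 0
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split()))


def find_auth_probing(text, min_failures=3):
    """Return {(client ip, uri): [usernames]} for clients that produced at
    least min_failures 401.1 responses on a single URI.  The bare 401.2
    challenge that every browser receives first is deliberately ignored."""
    failures = defaultdict(list)
    for rec in parse_w3c(text):
        if rec.get("sc-status") != "401" or rec.get("sc-substatus") != "1":
            continue
        failures[(rec["c-ip"], rec["cs-uri-stem"])].append(rec["cs-username"])
    return {key: sorted(set(names)) for key, names in failures.items()
            if len(names) >= min_failures}


if __name__ == "__main__":
    for (ip, uri), names in find_auth_probing(SAMPLE_LOG).items():
        print(f"{ip} probed {uri} with user names: {', '.join(names)}")
```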

See also :

http://marc.info/?l=bugtraq&m=101535399100534&w=2

Solution :

If the application allows, disable any authentication methods that are
not used in the IIS Properties interface.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.6
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11871 (iis_auth_scheme.nasl)

Bugtraq ID: 4235

CVE ID: CVE-2002-0419